
    Configuring IP ACLs for Restricting Access to Resources (CTPView Server Menu)

    An access control list (ACL) is a sequential collection of permit and deny conditions that you can use to filter inbound or outbound routes. You can use different kinds of access lists to filter routes based on The router compares each route's IP address against the conditions in the list, one-by-one. If the first match is for a permit condition, the route is accepted or passed. If the first match is for a deny condition, the route is rejected or blocked. The order of conditions is critical because testing stops with the first match. If no conditions match, the router rejects or blocks the address; that is, the last action of any list is an implicit deny condition for all routes.

    You can define an access list to permit or deny routes on the basis of the IP address or the range of IP addresses. Each access list is a set of permit or deny conditions (based on how they match a route's address) for a route. A zero in the wildcard mask means that the corresponding bit in the address must be exactly matched by the route. A one in the wildcard mask means that the corresponding bit in the address does not have to be matched by the route. You can also specify a range of IP addresses, by entering the starting IP address and the ending IP address in the range separated by a hyphen (-), if you want to enable or disallow traffic from a set of IP addresses.
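
    The first-match, implicit-deny, and wildcard-mask rules described above, as an added example (not Juniper's or CTPView's own code): a small Python evaluator showing that swapping two conditions changes the outcome for the same address. The rule tuples, function names, and addresses are constructed for illustration.

```python
# Added example: first-match ACL evaluation with wildcard masks and address ranges.
# Rule syntax and all addresses below are constructed for illustration.
from ipaddress import IPv4Address


def wildcard_match(addr, base, wildcard):
    """True if addr equals base on every bit where the wildcard mask is 0."""
    care = ~int(IPv4Address(wildcard)) & 0xFFFFFFFF  # 0 bits in the mask must match
    return (int(IPv4Address(addr)) & care) == (int(IPv4Address(base)) & care)


def range_match(addr, spec):
    """True if addr lies in 'start-end' (inclusive), e.g. '10.0.1.1-10.0.1.23'."""
    start, end = (IPv4Address(p.strip()) for p in spec.split("-"))
    if start > end:
        raise ValueError(f"range start is above range end: {spec}")
    return start <= IPv4Address(addr) <= end


def evaluate(acl, addr):
    """Return (action, index of the deciding rule); index None = implicit deny."""
    for i, (action, kind, *args) in enumerate(acl):
        matched = wildcard_match(addr, *args) if kind == "wildcard" else range_match(addr, *args)
        if matched:
            return action, i  # testing stops with the first match
    return "deny", None  # no condition matched: implicit deny


# Constructed rule list: deny one host, permit its /24, permit a small range.
ACL = [
    ("deny", "wildcard", "192.0.2.77", "0.0.0.0"),
    ("permit", "wildcard", "192.0.2.0", "0.0.0.255"),
    ("permit", "range", "198.51.100.10-198.51.100.20"),
]
# Same conditions with the first two swapped: the deny can no longer be reached.
REORDERED = [ACL[1], ACL[0], ACL[2]]

if __name__ == "__main__":
    for addr in ("192.0.2.77", "192.0.2.5", "198.51.100.15", "203.0.113.9"):
        print(addr, evaluate(ACL, addr), evaluate(REORDERED, addr))
```

    With the original order, 192.0.2.77 is denied by the first condition; with the reordered list, the broader permit matches first and the host-specific deny is never tested.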

    Best Practice: We recommend that you modify the IP ACLs during periods of relatively low traffic to minimize network disruptions and outages in processing packets.

    Before you begin, log in to the CTPView server and access the CTPView Configuration Menu. See Accessing the CTPView Server Configuration Menu (CTPView Server Menu).

    Note: You cannot use an SSH application to access the CTPView server until you have configured the server in your network and assigned it an IP address. See Configuring the Network Access (CTPView Server Menu).

    To add, remove, or display IP ACLs:

    1. From the CTPView Configuration Menu, select 6) MySQL Functions.
    2. Select 6) IP ACL Function. The IP ACL Function menu is displayed, which enables you to create a new ACL, delete a previously configured ACL, and view all the ACLs configured on your CTP device.
      CTPView Configuration Menu
      
      Please choose a menu item from the following list:
      
      0) Exit CTPView Configuration Menu
      1) Security Profile
      2) System Configuration
      3) Port Forwarding
      4) Advanced Functions
      5) Backup Functions
      6) MySQL Functions
      7) CTPView Access Functions
      8) GRUB Functions
      9) AAA Functions
      
      Please input your choice [0]: 6
      ************************************************************
           CTPView version 7.2R1-rc3 151120
           Server: ctpview    Date: Mon Dec  7 06:00:20 2015
           Release: CentOS release 5.11 (Final)
           Kernel: 2.6.18-406.el5
           User root logged in from 10.215.150.11 as root
           +++++  ALL  ACTIONS  ARE  LOGGED  +++++
      ************************************************************
      
      MySQL Menu
      
      Please choose a menu item from the following list:
      
      0) Return to previous menu
      1) Change MySQL Administrator password
      2) Change MySQL Apache password
      3) Restart MySQL Server
      4) Initialize Web UI Template Accounts
      5) IP ACL Function
      6) Upgrade Database Structures
      
      Please input your choice [0]: 5
      ************************************************************
           CTPView version 7.2R1-rc3 151120
           Server: ctpview    Date: Mon Dec  7 06:00:23 2015
           Release: CentOS release 5.11 (Final)
           Kernel: 2.6.18-406.el5
           User root logged in from 10.215.150.11 as root
           +++++  ALL  ACTIONS  ARE  LOGGED  +++++
      ************************************************************
      
      IP ACL Function Menu
      
      Please choose a menu item from the following list:
      
      0) Return to previous menu
      1) Add
      2) Remove
      3) Show
      
      Please input your choice [0]: 1
      
      Enter the IP or IP range[e.g 10.0.1-23.*]: 1.2.3.4
      
      Specify the permission
      0) Deny
      1) Allow
      Please input your choice [0]: 0
      IP range/ IP address added successfully...
      
      Hit return to continue...
    3. Select 1) Add
    4. Follow the onscreen instructions and configure the options as described in Table 1.

      Table 1: Creating an IP ACL

      Field: Enter the IP or IP range [e.g 10.0.1-23.*]
      Function: Specifies the IP address or a pool of IP addresses from which you want to enable or disallow traffic.
      Your Action: Specify an IP address in the format a.b.c.d/xx, where xx is the subnet prefix, or an IP address range in the format starting-address-ending-address, with the starting and ending IP addresses separated by a hyphen (-).

      Field: Specify the permission
      Function: Specifies whether you want to enable or deny traffic from the specified IP address or range of addresses.
      Your Action:
        Select 0) Deny to cause the CTP device to drop traffic arriving from the specified IP address.
        Select 1) Allow to cause the CTP device to allow traffic arriving from the specified IP address.
        Specify rtn to set the interface that is prompted by the system to be specified as the default IPv4 circuit device. For example, if the prompt displays (rtn for eth1), and if you specify rtn, eth1 is set as the default circuit device.

    5. Press Enter to proceed to the next step of removing any of the configured IP ACLs. The IP ACL Function menu is displayed.
    6. Select 2) Remove. The IP address ranges or IP addresses for which you previously configured ACLs are displayed.
      ************************************************************
           CTPView version 7.2R1-rc3 151120
           Server: ctpview    Date: Mon Dec  7 06:01:04 2015
           Release: CentOS release 5.11 (Final)
           Kernel: 2.6.18-406.el5
           User root logged in from 10.215.150.11 as root
           +++++  ALL  ACTIONS  ARE  LOGGED  +++++
      ************************************************************
      
      IP ACL Function Menu
      
      Please choose a menu item from the following list:
      
      0) Return to previous menu
      1) Add
      2) Remove
      3) Show
      
      Please input your choice [0]: 2
      Current listing of IP range :
      0) Return to previous menu
      1) *.*.*.*
      2) 1.2.3.4
      3) 78.34.3.2
      Please input your choice [0]:2
      IP range/ IP address removed successfully...
      
      Hit return to continue...
      
    7. From the list of IP addresses displayed, select a number pertaining to your choice. Enter the number next to the Please input your choice [0] field. If you select 0, you are returned to the previous menu.

      After you enter a number pertaining to your choice in the menu, a confirmation message is displayed stating that the selected IP address or range is successfully deleted.

    8. Press Enter to proceed to the next step of viewing all the configured IP ACLs. The IP ACL Function menu is displayed.
    9. Select 3) Show. All the configured IP addresses and their corresponding permissions are displayed. The access modifier or permission of 1 denotes permit, and 0 denotes deny.
      ************************************************************
           CTPView version 7.2R1-rc3 151120
           Server: ctpview    Date: Mon Dec  7 06:01:14 2015
           Release: CentOS release 5.11 (Final)
           Kernel: 2.6.18-406.el5
           User root logged in from 10.215.150.11 as root
           +++++  ALL  ACTIONS  ARE  LOGGED  +++++
      ************************************************************
      IP ACL Function Menu
      
      Please choose a menu item from the following list:
      
      0) Return to previous menu
      1) Add
      2) Remove
      3) Show
      
      Please input your choice [0]: 3
      All database entries:
      +-----------+------------+
      | iprange   | permission |
      +-----------+------------+
      | *.*.*.*   |          1 |
      | 78.34.3.2 |          0 |
      +-----------+------------+
      
      Hit return to continue...
      

    Modified: 2015-12-06