6.2. Access Control

The Access Control WebTool module gives you fine-grained control over what IP addresses or networks may access specific services on your machine. For example, if you are running a public FTP server you would want to grant everybody on the Internet access to that service. If you are running a private FTP server for employee and contractor use only, you may want to restrict access to it by only permitting specific IP networks access to it.

By the end of this section the reader will be familiar with using the Access Control module.

Log into the Guardian Digital WebTool, and click System menu item, then click the Access Control option and you'll be presented with a screen like the one in Figure 6-3.

In this example the entire Internet may access the Secure IMAP and Secure POP services on this machine, but only users on the 192.168.1.0 network may access the SSH service and the WebTool. This would be a common configuration for somebody running a mail server with no public shell-level access.

To grant an IP address or network access to a specific service type it into the IP Address box for the appropriate service, and click the Add button.

To remove an IP address or network's access to a specific service simply click the address and it will be removed.

The keyword ALL means that access restrictions are disabled and anybody on the Internet may access the service. If the list is empty, no access to that service will be permitted from anywhere.