The IP Screen is located under: Security » Security Settings » Screening. It is used to define specific remote IP addresses that will be allowed to connect, or not allowed to connect, to your local IP addresses. The remote IP addresses you place on the IP Screen can be associated with either all of you local IP addresses or with individual IPs. CIDR notation and the wildcards *, #, and ? are allowed.
For example:
*.*.*.* Matches to any IP address
#.#.#.# Matches to any IP address
192.*.*.* Matches to any IP that begins with 192
192.168.*.239 Matches to IP addresses from 192.168.0.239 to 192.168.255.239
192.168.0.1?? Matches to IP addresses from 192.168.0.100 to 192.168.0.199
New IP Screen Item
To create a new IP Screen entry, click New. This will open the New IP Screen Item dialog for creating the entry.
Local IP
In the drop-down list choose either "All IP's" or the specific IP to which this item will apply.
Remote IP (CIDR, * ? and # wildcards are ok)
Enter the remote IP address that you wish to add to the list, associated with the Local IP designated above.
Accept connections
Selecting this option means that the specified remote IP addresses will be allowed to connect to the associated local IP address.
Refuse connections
Selecting this option means that the specified remote IP addresses will NOT be allowed to connect to the associated local IP address. The connection will be refused or dropped.
Add
When you have finished entering the information in the options above, click this button to add the entry to the list.
Import
Select an IP address and click this button if you wish to import IP address data from an APF or .htaccess file. MDaemon's support for these files is currently limited to the following:
•"deny from" and "allow from" are supported
•only IP values are imported (not domain names)
•CIDR notation is allowed but partial IP addresses are not.
•Each line can contain any number of space-separated or comma-separated IP addresses. For example, "deny from 1.1.1.1 2.2.2.2/16", ""3.3.3.3, 4.4.4.4, 5.5.5.5", and the like.
•Lines starting with # are ignored.
Remove
To remove an entry, select the entry in the list and click Remove.
Default Action
To specify the default action for connections from remote IP addresses that have not been defined, select an IP address from the list and click accept or refuse. Once a default action has been specified, you can change it by selecting the "<default>" node beneath the IP address and then selecting the new default setting.
accept
When this option is chosen, connections from any IP addresses not specifically defined on the IP Screen will be accepted.
refuse
When this option is chosen, connections from any IP addresses not specifically defined on the IP Screen will be dropped, or refused.
The IP Screen will never block trusted IPs or local IPs. |
Screening Settings
Apply IP Screen to MSA connections
Use this option to apply IP Screening to connections made to the server's MSA port. Normally this is not necessary. This setting is enabled by default.