Use the acl
command to restrict users' access to NetMRI to a list of IP addresses or subnets, thereby reducing the likelihood of unauthorized access. By default, the appliance accepts user connections via HTTP (port 80), HTTPS (port 443), SSH (port 22), and SYSLOG (port 514). If an access control list is defined, any or all of these ports can be restricted to a specific list of IP addresses.
Syntax
The following subcommands are supported by the acl
command:
...
acl [commit|list|flush|reload|accept|reject|delete|exit]
Subcommand | Description |
---|---|
list | Lists all ACL entries. |
flush |
...
Clears all ACL entries (no access restrictions). | |
accept |
...
Accepts connections from a given CIDR block |
...
reject |
...
Rejects connections from a given CIDR block. |
...
delete | Deletes the existing access rules. |
| Clear working entries and reload from disk. |
exit | Exits the ACL mode. |
The accept
, delete
, and reject
commands accept the following arguments:
accept <CIDR> 22|69|80|443|514|ssh|tftp|http|https|syslog|all
...
If at least one ACL entry is defined, all access attempts other than those specifically listed are rejected; if no ACL entries are defined, all access attempts are accepted.
Typing acl
? at the prompt provides a brief list of all options:
rgrace64-212.inca.infoblox.com> acl ?
ACL Commands
------------
?- display this list
commit - save working ACLs and make active
exit - exit ACL mode
flush - clear all working ACL entries
list - list all working ACL entries
reload - clear working entries and reload from disk
The following commands add or remove entries to the ACL to either allow or reject access from given CIDRs. The order of ACL entries is important, with the first matching
rule from top to bottom used to determine if a given host can access the system.
accept <CIDR> 22|69|80|443|514|ssh|tftp|http|https|syslog|all
reject <CIDR> 22|69|80|443|514|ssh|tftp|http|https|syslog|all
delete <CIDR> 22|69|80|443|514|ssh|tftp|http|https|syslog
where <CIDR> is formatted as A.B.C.D/NN or <IPv6 Address>/<Prefix>
...
.