IP Rules
An IP Rule specifies an IP Address Filter and an Action that controls access:
- The IP Address Filter can be a single IPv4 or IPv6 address, or a canonical CIDR range.
- The Action determines the outcome:
- Allow: connections from the source are permitted.
- Block: connections from the source are denied.
IP Rules are defined within an IP Filter. They apply automatically wherever that filter is referenced in:
- The Security page, which governs access to the USP Admin UI.
- Inbound Nodes, which handle external incoming client connections.
Before You Begin
IP Rule Examples
| IP Address Filter | Action | Result |
|---|---|---|
1.1.1.0 | Block | Blocks only 1.1.1.0 (/32 implied). |
1.1.1.0/24 | Block | Blocks all hosts in 1.1.1.0/24 (1.1.1.0 to 1.1.1.255). |
192.168.1.42/24 | N/A | Invalid (not canonical). Use 192.168.1.0/24. |
0.0.0.0/0 | Allow | Allows all IPv4 sources; with Block entries, acts as a blocklist-only policy (Block takes precedence). |
::/0 | Allow | Allows all IPv6 sources; with Block entries, acts as a blocklist-only policy (Block takes precedence). |
IP Rules Administration via USP Admin UI
Adding an IP Rule
To add an IP Rule, follow these steps:
- From the Sidebar, click Authentication > IP Filtering.
- Click the row of the IP Filter where you want to add the IP Rule.
- Go to the IP Rules tab.
- Click the Add IP Rule button above the IP Filter details.
- Complete the IP Rule details using the Field Descriptions table as a guide.
- Click Save.
Field Descriptions
| Name | Description | Specifications | Required |
|---|---|---|---|
| IP Address Filter | An IPv4 or IPv6 address to block or allow. CIDR ranges are supported, but only in canonical form (network base address required). | Yes | |
| Description | The description of the IP Rule. | No | |
| Action | Select the action to apply to the entered IP Address Filter. Options:
| Yes |
Editing an IP Rule
To edit an IP Rule, follow these steps:
- From the Sidebar, click Authentication > IP Filtering.
- Click the row of the IP Filter where the IP Rule is added.
- Go to the IP Rules tab.
- Click the row of the IP Rule you want to edit.
- Click the Edit button above the IP Rules details.
- Edit the IP Rule details using the Field Descriptions table as a guide.
- Click Save.
warning
If you modify a IP Rule that is currently in use by a USP Server instance, the changes will not take effect until you manually apply the updated configuration by pushing it to the server. To apply the changes:
- Navigate to Monitoring > Status.
- Click the Name of the associated USP Server instance.
- Go to the Configuration tab.
- Review the pending changes in the Updated Configuration column.
- If the changes are correct, click Push Configuration.
IP Rule Metadata
IP Rules details include all parameters given in the Field Descriptions table above, plus the following read-only metadata:
| Name | Description |
|---|---|
| ID | Universally Unique Identifier of this IP Rule. |
| Created At | Date and time this IP Rule was created. |
| Updated At | Date and time this IP Rule was last updated. |
| Filter ID | The ID of the IP Filter where the IP Rule belongs. |
Deleting an IP Rule
To delete an IP Rule, follow these steps:
- From the Sidebar, click Authentication > IP Filtering.
- Click the row of the IP Filter where the IP Rule is added.
- Go to the IP Rules tab.
- Click the row of the IP Rule you want to delete.
- Click the Delete button above the IP Rules details.
- You will be asked to confirm the deletion. Click Delete.