How do i restrict access to directadmin 2222 ?

[janton]

Hey,

I have been searching the last hours but could find the answer:
I want to give mysite.com:2222 only access true 1 or 2 ip's

How could I achieve this? Is it possible? And is it something that is OK?
(*i only use it for my business site and have no resellers)

 

[mr.applesauce]

Its called a firewall.

 

[janton]

ok i hoped there was somekind of option in Directadmin that could say: only grant access for this IP for directadmin login.

i could alter my CSF settings and delete port 2222 from # Allow incoming TCP ports AND # Allow outgoing TCP ports
And add my ip to csf.allow, but i'm not sure if that will mean i can access that port 2222 then?

 

[mr.applesauce]

No you would have to request it as a feature request.

 

[Acceleratic]

No you would have to request it as a feature request.

Not true.

Id like to point out on this feature: "I only want my IP to be able to execute Admin level commands"

Source: http://help.directadmin.com/item.php?id=349

With a little modification, you can do this for all user types

For example removing this if:

if ["${USERTYPE}" = "admin" ]; then

use all_pre.sh for this.

Regards

 

[DaNgErOuS]

hi
i want restrict Admin from Ip Ranges !!!
your solution is worked for Specified Ip .
how can i restrict Admin from specified ip ranges ?

 

[zEitEr]

You'd better use your firewall then: iptables (Linux), ipfw (FreeBSD)

 

[scsi]

You could possibly do it with a shell script but you would have to create a loop to check each ip in a range. Firewall is way faster.

 

[DaNgErOuS]

i want restricted ip for admin user!!!
how can i do it with firewall like csf .?

 

[zEitEr]

how can i do it with firewall like csf .?

Who knows what you can? Not me...for sure.

i want restricted ip for admin user

Feel free to code and share your solution then. You did not specify what IP ranges you want (is a /24, /23 subnets, or even bigger or less), so doubtfully you will get a ready made script for your needs.

 

[nobaloney]

@zEitEr:

When I read your earlier reply the first thing I thought is you can't do that with a firewall and I believe you can't, unless you're doing some kind of statefull packet inspection and session control.

I'd recommend making a change to the sample login_pre.sh script shown here. You can't just use a simple loop, but you can probably rewrite it to set a flag if a pass through a loop passes, and then either allow or disallow admin access based on the final value of the flag.

Another thing you can't do is use slash notation (something like this (watchguard.com) because after all, this is just a simple script.

Jeff

 

[zEitEr]

@Jeff,
I must have miss-read Admin as DirectAdmin.

@DaNgErOuS,
Another wonderful feature came to my mind, you can use Login Keys, and specify Allowed IPS there:

One IP per line.
Ranges allowed: 1.2.3.4-5
Leave blank to allow any IP.

See details here http://www.directadmin.com/features.php?id=1298