Config - IP Ranges
JSON Configuration for IP Ranges
Below, is an example of how a JSON configuration for IP Ranges looks like:
"ipranges": [ { "name": "local", "description": "Local IP addresses", "include": [ "127.0.0.1", "192.168.1.0/30", "10.0.0.0/255.0.0.0", "172.16.0.0/255.255.0.0" ] }, { "name": "Firehol level 1", "description": "All cybercrime IP feeds - see http://iplists.firehol.org/\n\nLocal IP addresses are excluded from the range", "include": ["https://raw.githubusercontent.com/ktsaou/blocklist-ipsets/master/firehol_level1.netset"], "exclude": [ "10.0.0.0/255.0.0.0", "172.16.0.0/12", "192.168.1.0/30", "127.0.0.1" ], "refresh.interval": 15 } ]
Configuration within Ceptor Console
Configuration of IP ranges happen within Ceptor Console, in the Gateway Settings.
Here, you can add or remove ranges.
Press "Add" to add a new range, type in the name, and select the range to continue configuring its details:
An IP range's configuration is stored within a JSON Object inside the ranges array.
IP Range
Name:
This is the name of the IP range - you can refer to this name in e.g. a Condition on a Location when matching a remote IP address against the range.
Default: none
JSON key: name
Description:
This is a short description of the IP Range, here you can describe its purpose and what to use it for.
Default: empty
JSON key: description
Refresh Interval
Here, you can specify the interval in minutes between updating - every x minutes, the configuration will be read again - this is especially useful if you reference any files on disk or load IP Reputation Databases from remote locations.
Default: 5
JSON key: refresh.interval
Include IPs
Here, you can add an IP address or pattern that will in included in the IP Range list.
You can specify:
- Single IP address
- IP Range - e.g. 192.168.1.1-192.168.1.16
- CIDR bits notation - e.g. 192.168.1.0/30
- CIDR netmask notation - e.g. 192.168.1.0/255.255.255.0
- Filename - prefixed with {file} to load the file from
- URL starting with https:// or http:// to load an IP Reputation Database from
When ranges are loaded from a file or remote URL, any lines starting with # are ignored.
Default: empty
JSON key: include
Exclude IPs
Here, you can add an IP address or pattern that will be excluded from the list. If an IP matches an entry here, it will not be checked against the include list.
You can specify:
- Single IP address
- IP Range - e.g. 192.168.1.1-192.168.1.16
- CIDR bits notation - e.g. 192.168.1.0/30
- CIDR netmask notation - e.g. 192.168.1.0/255.255.255.0
- Filename - prefixed with {file} to load the file from
URL starting with https:// or http:// to load an IP Reputation Database from
When ranges are loaded from a file or remote URL, any lines starting with # are ignored.
Default: empty
JSON key: exclude
As of Ceptor v6.3.4, you can also specify IPv6 adresses, both in CIDR and range notation, and you can also specify IPv4 wildcard format ending with .*
, e.g. 192.168.*
This is possible for both included and excluded IPs
© Ceptor ApS. All Rights Reserved.