FileZilla Forums

Hi,

I have been given a project needing an FTP server with IP Filtering. I have searched the forum, and read through many pages of posts, but I wasn't able to get a clearer picture.

Here is what I am needing to do:

Block * traffic at the server level

Allow only single IP, say 192.168.100.1, access for user1

Allow * access for user2

Allow CIDR range for user3

Is that possible? I've used Filezilla Server before, but I've never had to use IP Filtering to the extend that's needed in this case.

TIA for any information.

IP filtering in FileZilla Server is possible on three stages:
1. Global. The same for anyone accessing your server.
2. Group level.
3. User level.

For your case I recommend using the IP filtering on User level. There's an IP Filter tab in the FTP user account setup you can use for this.
The upper field is for blacklisting. User 1 and user 3 would need to have an asterisk (*) set there (it disallows everyone using the account from accessing).
The lower field is used for whitelisting and does only work together with the other one. It defines exceptions from the blacklisting rule above, so you'd specify the single IP in the user 1 account setup and the CIDR range in setup for user 3.

User 2 doesn't need to have any entry since ''Allow all'' is default. This is, of course, under the assumption you didn't specify anything in the global or group settings (if used).

boco wrote:IP filtering in FileZilla Server is possible on three stages:
1. Global. The same for anyone accessing your server.
2. Group level.
3. User level.

For your case I recommend using the IP filtering on User level. There's an IP Filter tab in the FTP user account setup you can use for this.
The upper field is for blacklisting. User 1 and user 3 would need to have an asterisk (*) set there (it disallows everyone using the account from accessing).
The lower field is used for whitelisting and does only work together with the other one. It defines exceptions from the blacklisting rule above, so you'd specify the single IP in the user 1 account setup and the CIDR range in setup for user 3.

User 2 doesn't need to have any entry since ''Allow all'' is default. This is, of course, under the assumption you didn't specify anything in the global or group settings (if used).

Thank you very much for the information! Just one little bit of clarification:

I cannot have a server that blocks everything by default (global), and then allow * at the user level so only that particular user can access FTP everywhere?

Thanks again!

I cannot have a server that blocks everything by default (global), and then allow * at the user level so only that particular user can access FTP everywhere?

Correct.