Unless you are running Webmin on a system that is never connected to any other network, it is a wise idea to restrict which client network addresses are allowed to log in. Because Webmin is so powerful, anyone who manages to log in will have total control over your system—as though they had root shell access. Even though a username and password is always required to log in, it is always good to have an additional layer of security in case an attacker guesses (or somehow discovers) your password. IP access control also protects you from any bugs in Webmin that may show up in future that will allow an attacker to log in without a password—some older releases have had just this problem.
To restrict the IP addresses and networks from which Webmin will accept connections, follow these steps:
1.
2. Click on the icon for IP Access Control. The form shown in Figure 3.1 will appear for restricting client IP addresses.
   Figure 3.1. The IP access control form.
3. Select the option Only allow from listed addresses, and enter in the text box the IP addresses or hostnames of the client systems from which you will allow access. If you want to allow access from an entire IP network, enter the address of the network with 0 for the final octet. For example, if you wanted to allow all clients with IP addresses from 192.168.1.0 up to 192.168.1.255, you would enter 192.168.1.0. Networks can also be entered in the standard network/netmask format, like 192.168.1.0/255.255.255.0. You can also grant access from an entire domain by entering a wildcard hostname like *.foo.com, assuming that reverse IP address resolution has been set up for that domain.
4.
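The matching rules described in step 3, sketched as an added Python example (not Webmin's own code and not part of the original page). The function names, the sample allow list and the PTR table are assumptions made for illustration, and hostname entries are assumed to be compared against the client's reverse-resolved name.

```python
import fnmatch
import ipaddress


def entry_matches(entry, client_ip, reverse_lookup=None):
    """Return True if client_ip is covered by one allow-list entry."""
    addr = ipaddress.IPv4Address(client_ip)
    if "/" in entry:
        # network/netmask form, e.g. 192.168.1.0/255.255.255.0
        return addr in ipaddress.IPv4Network(entry, strict=False)
    try:
        listed = ipaddress.IPv4Address(entry)
    except ipaddress.AddressValueError:
        # Not an address: treat it as a hostname or wildcard such as *.foo.com.
        # This only works when reverse resolution exists for the client, and
        # PTR data is controlled by whoever owns the reverse zone, so hostname
        # entries are a weaker check than address entries.
        if reverse_lookup is None:
            return False
        name = reverse_lookup(client_ip)
        return name is not None and fnmatch.fnmatchcase(name.lower(), entry.lower())
    if entry.endswith(".0"):
        # Final octet 0 means the whole network x.y.z.0 - x.y.z.255
        return addr in ipaddress.IPv4Network(f"{entry}/24")
    return addr == listed


def is_allowed(allow_list, client_ip, reverse_lookup=None):
    """Apply 'Only allow from listed addresses' to one client."""
    return any(entry_matches(e, client_ip, reverse_lookup) for e in allow_list)


# Constructed sample data: an allow list and a fake PTR table (runs offline).
ALLOW = ["10.0.0.5", "192.168.1.0", "172.16.0.0/255.255.0.0", "*.foo.com"]
PTR = {"203.0.113.7": "admin1.foo.com", "203.0.113.8": "host.example.net"}


def check_samples():
    clients = ["10.0.0.5", "10.0.0.6", "192.168.1.255", "192.168.0.255",
               "172.16.44.1", "203.0.113.7", "203.0.113.8"]
    return {ip: is_allowed(ALLOW, ip, PTR.get) for ip in clients}


if __name__ == "__main__":
    for ip, ok in check_samples().items():
        print(f"{ip:15} {'allow' if ok else 'deny'}")
```

Running the same check against a planned allow list before saving it helps confirm that your own administration address is still covered.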