40.15. Restricting Clients by IP Address

By default, ProFTPD will allow clients to connect from any IP address. Like everything else, however, this is configurable so that you can restrict access to systems on your own network—either globally or for particular virtual servers. This comes in handy if you are setting up an FTP server that is for internal use only, even though the system it is running on is accessible from the Internet.

To restrict clients by address, follow these steps:

1. To create a global restriction that will apply to all virtual servers, enter LOGIN in the FTP commands field of the per-command options form on the module's main page, then click Create. If you only want to limit who can connect to a particular virtual server, click on its icon before entering LOGIN into the same form on the virtual server options page.

2. Regardless of the level at which the restriction is being defined, you will be taken to the per-command options page shown in Figure 40.5. Click on the Access Control icon to go to the aptly named Access control form.

3. The Restrict access table can be used to block clients from certain IP addresses by entering a series of rules. The three radio buttons at the top control the order in which entries in the table are evaluated. If Deny then allow is selected, any client that matches a Deny row, or that does not match an Allow row, will be blocked. Conversely, if Allow then deny is chosen, only clients that match a Deny row and do not match an Allow row will be prevented from logging in. Allow then deny is also the default mode.

The table will always have one empty row for adding a new rule, and because this is a new set of per-command options, that is all it will initially contain. In the empty row, select either Allow or Deny from the Action menu. Then, from the Condition menu, choose one of the following to determine which clients match and are thus allowed or denied:

All: All clients match, no matter where they are from.

None: No clients match the rule.

IP address: Only clients from the IP address entered in the adjacent text field match.

Network: Only clients from the entered IP network match. The network address must be a partial IP with a trailing dot, like 192.168.1.

Hostname: Only clients whose IP address reverse-resolves to the entered name match. You can specify an entire domain by putting a dot at the front, like .example.com.

If you want to add more than one rule, you will need to re-enter this page after saving so that a new blank row appears. To delete a rule, select the blank option from the Action menu.

4. When you are finished entering client restrictions, click the Save button at the bottom of the form. Then return to the main page and click Save and Apply to activate them.

You will generally want to give access only to clients on a single network. To do this, select the Deny then allow option, choose Allow from the Action menu, choose Network from the Condition menu, and enter the network address with a trailing dot (like 10.254.1.) into the condition text box.
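The following Python script is an added illustration, not code from this book, from Webmin or from ProFTPD. It models the two evaluation orders exactly as the section describes them and applies them to the internal-only rule set above (a single Allow row with the Network condition 10.254.1.), so you can see why that rule set must be paired with Deny then allow: under the default Allow then deny mode a client that matches no row at all is still let in. The client addresses and hostnames are constructed sample values.

```python
"""Model of the ProFTPD Access Control evaluation order as described above.

Constructed illustration only: it is not ProFTPD's or Webmin's code. It
applies the section's description of "Deny then allow" and "Allow then deny"
to a list of Restrict access rows and reports whether a LOGIN would succeed.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    action: str       # "Allow" or "Deny" (the Action menu)
    condition: str    # "All", "None", "IP address", "Network" or "Hostname"
    value: str = ""   # contents of the adjacent text field, where used


def rule_matches(rule, client_ip, client_host=None):
    """Return True if the client matches the rule's Condition."""
    if rule.condition == "All":
        return True
    if rule.condition == "None":
        return False
    if rule.condition == "IP address":
        return client_ip == rule.value
    if rule.condition == "Network":
        # The value is a partial IP with a trailing dot, e.g. "10.254.1.";
        # the dot is what stops "10.254.1" from also matching 10.254.10.x.
        return rule.value.endswith(".") and client_ip.startswith(rule.value)
    if rule.condition == "Hostname":
        if client_host is None:
            return False          # no reverse-resolved name, so no match
        if rule.value.startswith("."):
            return client_host.endswith(rule.value)   # whole domain
        return client_host == rule.value
    raise ValueError(f"unknown condition {rule.condition!r}")


def login_permitted(order, rules, client_ip, client_host=None):
    """Decide a LOGIN under the chosen radio-button order."""
    allowed = any(r.action == "Allow" and rule_matches(r, client_ip, client_host)
                  for r in rules)
    denied = any(r.action == "Deny" and rule_matches(r, client_ip, client_host)
                 for r in rules)
    if order == "Deny then allow":
        # Blocked if it matches a Deny row, or if it matches no Allow row:
        # anything not explicitly allowed stays out.
        return not denied and allowed
    if order == "Allow then deny":
        # Blocked only if it matches a Deny row and no Allow row; this is the
        # default mode, and a client matching no row at all is let in.
        return not (denied and not allowed)
    raise ValueError(f"unknown order {order!r}")


# The internal-only rule set from the text: one Allow row, Network 10.254.1.
INTERNAL_ONLY = [Rule("Allow", "Network", "10.254.1.")]

# Constructed sample clients (203.0.113.0/24 is a documentation range).
SAMPLE_CLIENTS = ["10.254.1.7", "10.254.10.7", "203.0.113.5"]


def decisions(order, rules=INTERNAL_ONLY, clients=SAMPLE_CLIENTS):
    """Map each sample client address to the LOGIN decision under `order`."""
    return {ip: login_permitted(order, rules, ip) for ip in clients}


if __name__ == "__main__":
    for order in ("Deny then allow", "Allow then deny"):
        print(order, decisions(order))
```

Running the script shows the contrast the section relies on: with Deny then allow only 10.254.1.7 gets in, while with Allow then deny (the default) all three sample clients are admitted because none of them matches a Deny row. Webmin writes these rows into proftpd.conf as a `<Limit LOGIN>` block built from `Order`, `Allow from` and `Deny from` directives, so the same reasoning applies if you later read the generated configuration by hand.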
