RSM Series; Remote Site Managers - User’s Guide
5.7.4. Implementing IP Security
The RSM can restrict unauthorized IP addresses from establishing an inbound
Telnet connection to the unit. This allows the user to grant Telnet access to
only a specific group of IP addresses, or block a particular IP address. In the
default state, the RSM accepts incoming IP connections from all hosts.
The IP Security function employs a TCP Wrapper program, which allows the
use of standard Linux operators, wild cards and net/mask pairs to create a
host-based access control list.
As shown in Figures 5.14 and 5.15, the IP Security configuration menus
include "hosts.allow" and "hosts.deny" client lists. When setting up IP
Security, enter the IP addresses of hosts you wish to allow in the Allow
list, and the addresses of hosts you wish to deny in the Deny list. Since
Linux operators, wild cards and net/mask pairs are allowed, these lists can
indicate specific addresses, or a range of addresses to be
allowed or denied.
When the IP Security feature is properly enabled, and a client attempts to
connect, the RSM will perform the following checks:
1. If the client’s IP address is found in the "hosts.allow" list, the client will
be granted immediate access. Once an IP address is found in the Allow
list, the RSM will not check the Deny list, and will assume you wish to
allow that address to connect.
2. If the client’s IP address is not found in the Allow list, the RSM will then
proceed to check the Deny list.
3. If the client’s IP Address is found in the Deny list, the client will not be
allowed to connect.
4. If the client’s IP Address is not found in the Deny list, the client will be
allowed to connect, even if the address was not found in the Allow list.
• If the RSM finds an IP Address in the Allow list, it will not check the
Deny list, and will allow the client to connect.
• If both the Allow and Deny lists are left blank, then the IP Security
feature will be disabled, and all IP Addresses will be allowed to
connect (providing that the proper password and/or SSH key is
• When the Allow and Deny lists are defined, the user is only allowed
to specify the Client List; the Daemon List and Shell Command
cannot be defined.
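The order of checks described above can be modelled to test a planned pair of lists before entering them in the menus. This is an added example, not RSM firmware or code from this guide: the function names are hypothetical, the addresses are constructed, and it assumes the RSM accepts the standard TCP Wrappers "ALL" wildcard and trailing-dot address prefix in addition to the net/mask pairs named in this section.

```python
import ipaddress

def matches(pattern, ip):
    """True if one client-list entry matches the client address."""
    if pattern == "ALL":            # TCP Wrappers wildcard (assumed supported)
        return True
    if "/" in pattern:              # net/mask pair: 192.168.1.0/255.255.255.0
        net = ipaddress.ip_network(pattern, strict=False)
        return ipaddress.ip_address(ip) in net
    if pattern.endswith("."):       # address prefix: "10.20." (assumed supported)
        return ip.startswith(pattern)
    return pattern == ip            # single address

def decide(allow, deny, ip):
    """Apply checks 1-4 from this section; return (permitted, reason)."""
    if any(matches(p, ip) for p in allow):
        return True, "found in hosts.allow, hosts.deny not checked"
    if any(matches(p, ip) for p in deny):
        return False, "found in hosts.deny"
    return True, "in neither list, allowed by default"

# Constructed sample lists and client addresses (documentation ranges).
LAN = "192.168.1.0/255.255.255.0"
CASES = {
    "allow list only": ([LAN], []),
    "allow list + deny ALL": ([LAN], ["ALL"]),
    "allow one host, deny its subnet": (["192.168.1.50"], [LAN]),
}
CLIENTS = ["192.168.1.50", "192.168.1.51", "203.0.113.7"]

def run_cases():
    """Evaluate every client against every sample configuration."""
    return {name: {ip: decide(allow, deny, ip)[0] for ip in CLIENTS}
            for name, (allow, deny) in CASES.items()}

if __name__ == "__main__":
    for name, (allow, deny) in CASES.items():
        print(name)
        for ip in CLIENTS:
            ok, why = decide(allow, deny, ip)
            print(f"  {ip:<14} {'ALLOW' if ok else 'DENY':<5} {why}")
```

With only the Allow list populated, the constructed outside address 203.0.113.7 is still permitted by check 4; it is refused only once the Deny list also covers it.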