Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
nbdkit-ip-filter(1)		    NBDKIT		   nbdkit-ip-filter(1)

NAME
       nbdkit-ip-filter	- filter clients by IP address

SYNOPSIS
	nbdkit --filter=ip PLUGIN [allow=addr[,addr...]]
				  [deny=addr[,addr...]]

DESCRIPTION
       "nbdkit-ip-filter" can whitelist	or blacklist clients by	their IP
       address.	 Usually it is better to control this outside nbdkit, for
       example using TCP wrappers or a firewall, but this filter can be	used
       if these	are not	available.

EXAMPLES
	nbdkit --filter=ip [...] allow=127.0.0.1,::1 deny=all

       Allow clients to	connect	on the loopback	IPv4 or	loopback IPv6 address,
       deny all	other clients.

	nbdkit --filter=ip [...] deny=8.0.0.0/8

       Allow any client	except connections from	the IPv4 "8.0.0.0/8" network.

	nbdkit --filter=ip [...] allow=anyipv6 deny=all

       Allow IPv6 clients to connect from anywhere, deny all IPv4 connections.

RULES
       When a client connects, this filter checks its IP address against the
       allow and deny lists as follows:

       1.  If the address matches any in the allow list, permission is
	   granted.

       2.  If the address matches any in the deny list,	permission is denied.

       3.  Otherwise permission	is granted.

       If either the "allow" or	"deny" parameter is not	present	then it	is
       assumed to be an	empty list.  The order in which	the parameters appear
       on the command line does	not matter; the	allow list is always processed
       first and the deny list second.

       The "allow" and "deny" parameters each contain a	comma-separated	list
       of any of the following:

       all
       any These keywords (which both have the same meaning) match any IP
	   address.

       allipv4
       anyipv4
	   These keywords match	any IPv4 address.

       allipv6
       anyipv6
	   These keywords match	any IPv6 address.

       A.B.C.D
	   This	matches	the single IPv4	address	"A.B.C.D", for example
	   127.0.0.1.

       A.B.C.D/NN
	   This	matches	the range of IPv4 addresses "A.B.C.D/NN", for example
	   "192.168.2.0/24" or "10.0.0.0/8".

       A:B:...
	   This	matches	the single IPv6	address	"A:B:...".  The	usual IPv6
	   address representations can be used (see RFCA 5952).

       A:B:.../NN
	   This	matches	a range	of IPv6	addresses "A:B:.../NN".

   Not filtered
       If neither the "allow" nor the "deny" parameter is given	the filter
       does nothing.

       The filter permits non-IP connections, such as Unix domain sockets or
       AF_VSOCK.

PARAMETERS
       allow=addr[,...]
	   Set list of allow rules.  This parameter is optional, if omitted
	   the allow list is empty.

       deny=addr[,...]
	   Set list of deny rules.  This parameter is optional,	if omitted the
	   deny	list is	empty.

FILES
       $filterdir/nbdkit-ip-filter.so
	   The filter.

	   Use "nbdkit --dump-config" to find the location of $filterdir.

VERSION
       "nbdkit-ip-filter" first	appeared in nbdkit 1.18.

SEE ALSO
       nbdkit(1), nbdkit-exitlast-filter(1), nbdkit-limit-filter(1),
       nbdkit-filter(3).

AUTHORS
       Richard W.M. Jones

COPYRIGHT
       Copyright (C) 2019 Red Hat Inc.

LICENSE
       Redistribution and use in source	and binary forms, with or without
       modification, are permitted provided that the following conditions are
       met:

       o   Redistributions of source code must retain the above	copyright
	   notice, this	list of	conditions and the following disclaimer.

       o   Redistributions in binary form must reproduce the above copyright
	   notice, this	list of	conditions and the following disclaimer	in the
	   documentation and/or	other materials	provided with the
	   distribution.

       o   Neither the name of Red Hat nor the names of	its contributors may
	   be used to endorse or promote products derived from this software
	   without specific prior written permission.

       THIS SOFTWARE IS	PROVIDED BY RED	HAT AND	CONTRIBUTORS ''AS IS'' AND ANY
       EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
       IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
       PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RED HAT OR CONTRIBUTORS BE
       LIABLE FOR ANY DIRECT, INDIRECT,	INCIDENTAL, SPECIAL, EXEMPLARY,	OR
       CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
       SUBSTITUTE GOODS	OR SERVICES; LOSS OF USE, DATA,	OR PROFITS; OR
       BUSINESS	INTERRUPTION) HOWEVER CAUSED AND ON ANY	THEORY OF LIABILITY,
       WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
       OTHERWISE) ARISING IN ANY WAY OUT OF THE	USE OF THIS SOFTWARE, EVEN IF
       ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

nbdkit-1.20.4			  2021-03-01		   nbdkit-ip-filter(1)

NAME | SYNOPSIS | DESCRIPTION | EXAMPLES | RULES | PARAMETERS | FILES | VERSION | SEE ALSO | AUTHORS | COPYRIGHT | LICENSE

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=nbdkit-ip-filter&sektion=1&manpath=FreeBSD+13.0-RELEASE+and+Ports>

home | help