The permanently allow area allows you to manage IP addresses that are permanently allowed through the firewall.
IP addresses listed here will NOT be ignored by the login failure daemon. If you do not want the login failure daemon to block an IP address you must add it to the
Ignoresection.
| Format | Description |
|---|---|
| IP address | 203.0.113.1 |
| CIDR | 203.0.113.0/24 |
| Filter | tcp/udp/icmp|in/out|s/d=port|s/d=ip|u=uid |
You can add more complex port and IP filters using Advanced Allow Filters.
# TCP connections inbound to port 3306 from IP 203.0.113.1
tcp|in|d=3306|s=203.0.113.1
# TCP connections outbound to port 22 on IP 203.0.113.1
tcp|out|d=22|d=203.0.113.1
# TCP connections outbound to port 80 from UID 99
tcp|out|d=80||u=99
# ICMP connections inbound for type ping from 203.0.113.1
icmp|in|d=ping|s=203.0.113.1
# TCP connections inbound to port 22 from dynamic DNS address www.example.com (Allow DynDNS only)
tcp|in|d=22|s=www.example.com
# TCP out port range to dynamic DNS address www.example.com (Allow DynDNS only)
tcp|out|d=30000_65535|d=www.example.com
# TCP connections inbound to port 22,80,443 from IP 203.0.113.1
d=22,80,443|s=203.0.113.1