Allow from only specific IPs

Okay so I have a site I want to only be accessed from two specific IPs and to block every other IP. The issue is I can do that with a single IP, but if I add the second one in a firewall rule as an “or” it still does not allow the second one. This makes no sense to me. What am I doing wrong? This should process this as a single rule is my understanding, not look at them as one then the other?

Is there a way I can do this?

You need an AND instead of an OR here - that should work for you.

To explain further, if you read the rule out aloud you can better understand what is happening. What you have configured is:

If the IP is not OR is not then block

So… if the IP is what happens? Well… it fails the first test:

If the IP is not

So all good so far. But then you run into the second test:

OR is not then block

Well, is not so you will block it.

This is a common pitfall with “does not equal” logic and an easy mistake to make. Change that OR to an AND and you should get the behaviour you’re looking for.


Thank you so much Simon, yeah the negatives threw me. I also found a workaround just before you posted this response using not in list, and created a whitelist of IPs.

But greatly appreciated pointing that error out!
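
An added example, not part of the thread above: the Python below models the three block conditions discussed (the original OR of negations, the corrected AND, and the "not in list" form) and evaluates each against sample source addresses. The addresses are constructed values from documentation ranges and the function names are hypothetical.

```python
import ipaddress

# Constructed sample addresses from documentation ranges (not from the thread).
ALLOWED = ["192.0.2.10", "198.51.100.20"]
SAMPLES = ["192.0.2.10", "198.51.100.20", "203.0.113.5", "2001:db8::1"]


def _ip(text):
    # Parse so that comparison is on the address, not its textual form.
    return ipaddress.ip_address(text)


def block_or(src, allowed=ALLOWED):
    """Original rule: block if src != A OR src != B."""
    return any(_ip(src) != _ip(a) for a in allowed)


def block_and(src, allowed=ALLOWED):
    """Corrected rule: block if src != A AND src != B."""
    return all(_ip(src) != _ip(a) for a in allowed)


def block_not_in_list(src, allowed=ALLOWED):
    """Allowlist form: block if src is not in the list."""
    return _ip(src) not in {_ip(a) for a in allowed}


def decisions(rule, samples=SAMPLES):
    """Return the verdict of a block rule for every sample address."""
    return {s: ("block" if rule(s) else "allow") for s in samples}


if __name__ == "__main__":
    for rule in (block_or, block_and, block_not_in_list):
        print(rule.__name__)
        for src, verdict in decisions(rule).items():
            print(f"  {src:<15} {verdict}")
```

With only one address in the allowed list the OR and AND forms give the same result, which is why the single-IP version of the rule behaved as expected.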


