How to Implement IP Filtering in FileZilla Server: Deny All IPs Except One Using CIDR Notation



The FileZilla Server interface provides a straightforward way to filter connections through its IP Filter dialog. The interface contains two main text areas:

  • Disallowed IPs (top box): Blocks specified IP ranges
  • Allowed IPs (bottom box): Whitelists IPs that can bypass restrictions

To deny all IP addresses while allowing just one specific IP, you'll need to use proper CIDR notation in the Disallowed IPs box:

# Block entire IPv4 address space
0.0.0.0/0

# Block entire IPv6 address space (if needed)
::/0

In the Allowed IPs box, enter your specific IP in one of these formats:

# For single IPv4 address (most common)
203.0.113.45

# For IPv6 address
2001:db8::1

# The same single address in CIDR form (/32 matches exactly one host)
203.0.113.45/32

Here's what your IP Filter configuration should look like:

Disallowed IPs:
0.0.0.0/0
::/0

Allowed IPs:
203.0.113.45

After applying these settings:

  • Restart the FileZilla Server service
  • Attempt connection from both the whitelisted IP and other IPs
  • Check server logs for error messages

Common issues include:

  • Forgetting to restart the service after changes
  • Incorrect CIDR notation in the Disallowed IPs box (like using /32 instead of /0)
  • Not accounting for both IPv4 and IPv6

For more dynamic control, consider FileZilla's Auto-ban feature:

<AutoBan>
  <Enable>1</Enable>
  <Attempts>3</Attempts>
  <ResetTime>30</ResetTime>
  <BanTime>60</BanTime>
</AutoBan>

This automatically blocks IPs after failed attempts while still allowing your whitelisted IP.


The FileZilla Server interface provides a straightforward way to implement IP filtering through its built-in IP Filter GUI. The system uses two separate input boxes:

  • Allowed IPs: Where you specify permitted IP addresses
  • Disallowed IPs: Where you define blocked IP ranges

To deny all IP addresses except your whitelisted one, you'll need to use proper CIDR notation in the Disallowed IPs box:

0.0.0.0/0

This represents all possible IPv4 addresses. In the Allowed IPs box, you would then specify your allowed IP:

192.168.1.100

Here's how to properly configure the IP Filter dialog:

1. Open FileZilla Server Interface
2. Navigate to Edit → Settings → IP Filter
3. In the "Disallowed IPs" box enter: 0.0.0.0/0
4. In the "Allowed IPs" box enter your specific IP (e.g., 203.0.113.45)
5. Click OK and restart the FileZilla Server service

Some users encounter problems with this configuration:

  • Multiple Allowed IPs: Separate them with semicolons (203.0.113.45; 198.51.100.22)
  • IPv6 Support: Use ::/0 to block all IPv6 addresses
  • Testing: Always verify from a non-whitelisted IP to confirm the block works

For automated deployments, you can edit the FileZilla Server XML configuration:

<IpFilter>
  <Disallowed>
    <IP>0.0.0.0/0</IP>
  </Disallowed>
  <Allowed>
    <IP>203.0.113.45</IP>
  </Allowed>
</IpFilter>

Save this in your FileZilla Server.xml configuration file and restart the service.
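
A pre-deployment check for the configuration above, as an added example that is not from the original page or from the FileZilla project: it parses an <IpFilter> fragment and lists the probe addresses whose outcome differs from the deny-all-except-one intent. The function names, the probe addresses and the rule semantics (a client is blocked when it matches Disallowed unless it also matches Allowed, as the page describes) are assumptions.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample: the <IpFilter> fragment shown on this page (IPv4 rule only).
PAGE_XML = """<IpFilter>
  <Disallowed><IP>0.0.0.0/0</IP></Disallowed>
  <Allowed><IP>203.0.113.45</IP></Allowed>
</IpFilter>"""


def load_filter(xml_text):
    """Parse an <IpFilter> fragment into (disallowed, allowed) network lists."""
    root = ET.fromstring(xml_text)

    def nets(tag):
        # A bare address becomes a /32 (IPv4) or /128 (IPv6) network.
        # strict=False tolerates entries with host bits set, e.g. 203.0.113.45/24.
        return [ipaddress.ip_network(e.text.strip(), strict=False)
                for e in root.findall(f"{tag}/IP")]

    return nets("Disallowed"), nets("Allowed")


def is_permitted(addr, disallowed, allowed):
    """Assumed semantics: blocked if in Disallowed, unless also in Allowed."""
    ip = ipaddress.ip_address(addr)

    def hit(rules):
        # Membership is always False across address families, so an IPv4-only
        # Disallowed list never matches an IPv6 client.
        return any(ip in net for net in rules)

    return hit(allowed) or not hit(disallowed)


def audit(xml_text, expected_allowed, probes):
    """Return the probes whose result contradicts the intended allow-list."""
    disallowed, allowed = load_filter(xml_text)
    return [p for p in probes
            if is_permitted(p, disallowed, allowed) != (p in expected_allowed)]


if __name__ == "__main__":
    # Constructed probes: the whitelisted host, another IPv4 host, an IPv6 host.
    probes = ["203.0.113.45", "198.51.100.22", "2001:db8::1"]
    for addr in audit(PAGE_XML, {"203.0.113.45"}, probes):
        print("unexpected result for", addr)
```

Run against the fragment shown on this page, the check flags 2001:db8::1, because only 0.0.0.0/0 is listed under Disallowed; adding ::/0 there clears it.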