Is there a way in Lightsail's firewall to accept all connections except from a particular IP?

OrdiNeu

5/7/23, 5:14 PM

In Lightsail's Networking tab, they have the option to allow certain IPs through their firewall. Is there a way to allow all IPs except for a certain IP? The AWS guide says that there is no way to deny an IP address, but can I set up an allow filter for everybody except for one IP? This is for a stopgap solution while we figure out how to handle one user who is (perhaps inadvertently) very slowly spamming connections.

Lightsail's firewall page for reference

0 + 0

firewall

amazon-web-services

amazon-lightsail

Score:0

Server

barbecue

5/7/23, 6:18 PM

Allowing ALL IPs except for one probably wouldn't be possible because you'd hit the limit on the number of rules you're allowed to add before you whitelisted everything.

A more practical approach would be to identify those ranges that you DO want to allow and whitelist those. Unless you genuinely expect to receive requests from all over the world, this is probably going to be easier to do.

If you want to try this I recommend using the CLI rather than the web console as you could script the entire process.

Always be sure you don't lock yourself out by making sure your own business IP range is whitelisted first.

Given the limitations you have to work with, your best option is probably to look at a filtering option on the server itself, such as an OS firewall or application-level filtering. Specifics of this will depend on the operating system and application in use.

0 + 0

OrdiNeu

5/7/23, 6:25 PM

I see... unfortunately this is for a live server that has been accepting players from all around the world (we're still uncertain if what we're seeing from this one user is a malicious attack or what). Thank you for the insight.

barbecue

5/7/23, 6:27 PM

Your best bet would probably be to look for a filtering option to implement on the server itself, like an OS firewall.

OrdiNeu

5/7/23, 6:35 PM

If you put that as an answer I can accept it, that seems like it might be the best solution to my particular situation. Thank you so much!

barbecue

5/7/23, 6:56 PM

@OrdiNeu it's done.

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Is there a way in Lightsail's firewall to accept all connections except from a particular IP?

TH: มีวิธีใดในไฟร์วอลล์ของ Lightsail ที่จะยอมรับการเชื่อมต่อทั้งหมด ยกเว้นจาก IP เฉพาะ

RO: Există o modalitate în firewall-ul Lightsail de a accepta toate conexiunile, cu excepția unui anumit IP?

RU: Есть ли способ в брандмауэре Lightsail принимать все соединения, кроме как с определенного IP-адреса?

VI: Có cách nào trong tường lửa của Lightsail để chấp nhận tất cả các kết nối ngoại trừ từ một IP cụ thể không?

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.