Everyone completely lost me at the rate limiting discussion since the original poster's question about "limiting access" which almost always refers to blocking connections to all IP's except the poster's own IP address ...
I can only speculate the reason why they would want to block other connections and it is a bit odd since it would effectively make the server only usable by the owner only and not by anyone else who might otherwise have accounts on the server. Perhaps they only have the server setup for their own use?
However ...
Code:
iptables -A INPUT -s ! x.x.x.x -p tcp --dport 2082:2087 -j DROP
(By the way, x.x.x.x is your IP address and DO NOT forget the exclamation point!)
For those not so versed in the use of IPTABLES, the above command basically tells the firewall to drop all TCP packets destined for ports 2082 through 2087 (cpanel port) which does not originate from the given IP address.
The above just kills connections to all except for the IP given. As for rate limiting connections though ....
Here is a set of rules to rate limit Cpanel connections to 3 attempts per minute to all except a specific IP address PLUS if any rate limited visitor establishes any additional NEW connections beyond the allowed 3 within a 60 second period following a previous allowed connection and sends more than 5 packets, they get their connections to Cpanel dropped entirely so that will help prevent anyone trying to flood opening up Cpanel logins as well :
Code:
iptables -A INPUT -s ! x.x.x.x -p tcp --dport 2082:2087 -m state --state NEW -m recent --set
iptables -A INPUT -s ! x.x.x.x -p tcp --dport 2082:2087 -m state --state NEW -m recent --update --seconds 60 --hitcount 5 -j DROP
To ServerSignature:
You may want to be a little more careful with those IPTABLE recommendations:
Code:
-s ! $MY_IP -m limit
If someone were to use exactly what you posted, you would rate limit not just CPANEL but EVERY CONNECTION on the entire server that doesn't originate from the source IP address. That means that FTP, normal web access (ouch!), email, and completely everything will be rate limited and not just by service type either! Each and every connection made to the server that didn't originate from the specified IP address would be counted into that rate limit as a whole
effectively bringing down the entire server and rendering it effectively useless to the outside world and also making the server virtually unable to function except for exclusive connections to the IP you specified!
Not exactly what you were intending ey? 
If you were going to blindly rate limit the CPANEL connections to the default then I would probably do a variation of what you said something more along the lines of the following:
Code:
iptables -A INPUT -s ! x.x.x.x -p tcp --dport 2082:2087 -m limit
There you have it fans! Blocking or rate limiting connections to Cpanel except for one address or CIDR range!
LinkBack URL
About LinkBacks
How to limit Access to CPanel from 1 IP?
Originally Posted by serversignature
Reply With Quote