FileZilla Server/FileZilla Pro Enterprise Server implements IP-based filtering, to allow only certain connections and/or disallow others, based on whether the connecting IP address matches the addresses or range of addresses within the two lists. To configure this setting, go to Protocol settings › FTP and FTP over TLS (FTPS) › Passive mode tab.
You can also define filters at the Users or Groups level by navigating to: Rights managements › Users (or Groups) › Filters tab.
Keep in mind that protocol-level filters take precedence: if a filter is set at the protocol level, it will override any conflicting filter defined at the user or group level. This ensures consistent enforcement of protocol-wide rules, while still allowing user- or group-specific filters where they do not contradict protocol settings.
- The Disallowed IP ranges list contains all those IPs that, if matched, will not allow the connection.
- The Allowed IP ranges list contains all those IPs that, if matched, will allow the conncection. Note that if an IP belongs both to the disallowed and the allowed IP ranges, it will be allowed.
The lists can contain single IP address, or IP ranges in the CIDR notation, or IP ranges in the interval form, both IPv4 and IPv6: for example, the range 192.168.0.2-192.168.0.30 defines a closed interval that includes all the IP addresses going from 192.168.0.2 to 192.168.0.30.
Using the asterisk ‘*’ character is equivalent to entering the numbers from 0 to 255.
If both lists are left empty, then no filtering is applied and all connections are allowed.
