Connectivity

Networking and Connectivity Details

Networking Guide to Whitelist IPs

This guide outlines the steps to whitelist the provided IP ranges in your network. Whitelisting ensures traffic from the specified IPs is allowed access to your infrastructure, improving security and compatibility with the required services.


IPv4 and IPv6 Addresses to Whitelist

IPv4 Ranges

173.245.48.0/20
103.21.244.0/22
103.22.200.0/22
103.31.4.0/22
141.101.64.0/18
108.162.192.0/18
190.93.240.0/20
188.114.96.0/20
197.234.240.0/22
198.41.128.0/17
162.158.0.0/15
104.16.0.0/13
104.24.0.0/14
172.64.0.0/13
131.0.72.0/22

IPv6 Ranges

2400:cb00::/32
2606:4700::/32
2803:f800::/32
2405:b500::/32
2405:8100::/32
2a06:98c0::/29
2c0f:f248::/32

Steps to Whitelist IPs

1. Firewall Configuration

For Firewalls Supporting CIDR Notation

  1. Log in to your firewall or router's admin interface.
  2. Navigate to the Access Control or IP Filtering section.
  3. Add the above IP ranges to the whitelist or allowed IPs list.
  4. Save and apply the configuration.

Example Commands for Firewalls with Command Line Access

  • Using iptables (Linux Firewalls)

    # -A appends to the end of the INPUT chain; an earlier DROP or REJECT rule
    # that matches the same traffic takes precedence over rules added this way.
    # IPv4 example
    iptables -A INPUT -s 173.245.48.0/20 -j ACCEPT
    iptables -A INPUT -s 103.21.244.0/22 -j ACCEPT
    # Repeat for other IPv4 ranges
    
    # IPv6 example
    ip6tables -A INPUT -s 2400:cb00::/32 -j ACCEPT
    ip6tables -A INPUT -s 2606:4700::/32 -j ACCEPT
    # Repeat for other IPv6 ranges

  • Using Cisco ASA

    ! IPv4 example
    access-list allowed_ips extended permit ip 173.245.48.0 255.255.240.0 any
    access-list allowed_ips extended permit ip 103.21.244.0 255.255.252.0 any
    ! Repeat for other IPv4 ranges
    
    ! IPv6 example (ASA 9.0 and later accept IPv6 prefixes in the same access-list command)
    access-list allowed_ips extended permit ip 2400:cb00::/32 any
    access-list allowed_ips extended permit ip 2606:4700::/32 any
    ! Repeat for other IPv6 ranges

For Cloud-Based Firewalls (AWS, Azure, GCP)

  1. Access the Security Group or Firewall Rules section in the cloud console.
  2. Create inbound rules to allow traffic from the specified IP ranges for the required ports (e.g., 80 for HTTP, 443 for HTTPS).
  3. Save the rules and apply them to the respective resources.

2. Web Server Configuration

For Nginx

  1. Open the Nginx configuration file (e.g., /etc/nginx/nginx.conf or a specific site configuration file in /etc/nginx/sites-available/).
  2. Add the following lines to restrict access to only the allowed IPs:
    allow 173.245.48.0/20;
    allow 103.21.244.0/22;
    allow 2400:cb00::/32;
    allow 2606:4700::/32;
    # Repeat for all other IP ranges
    deny all;
  3. Restart Nginx to apply changes:
    sudo systemctl restart nginx

For Apache

  1. Open the Apache configuration file (e.g., /etc/apache2/apache2.conf or the virtual host file).
  2. Use the following Require directives:
    <Directory /var/www/html>
        Require ip 173.245.48.0/20
        Require ip 103.21.244.0/22
        Require ip 2400:cb00::/32
        Require ip 2606:4700::/32
        # Repeat for all other IP ranges
    </Directory>
  3. Restart Apache to apply changes:
    sudo systemctl restart apache2
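
Added example (not part of the original guide and not NewRosetta tooling): a Python generator that expands the "Repeat for other ranges" comments above into complete rule sets for iptables/ip6tables, Cisco ASA, Nginx and Apache, using the ranges listed on this page. The function names and the optional ports argument are assumptions made for illustration, and the ASA IPv6 lines assume the unified access-list syntax.

```python
import ipaddress

# Ranges copied from the IPv4 and IPv6 lists on this page.
RANGES = """
173.245.48.0/20 103.21.244.0/22 103.22.200.0/22 103.31.4.0/22 141.101.64.0/18
108.162.192.0/18 190.93.240.0/20 188.114.96.0/20 197.234.240.0/22 198.41.128.0/17
162.158.0.0/15 104.16.0.0/13 104.24.0.0/14 172.64.0.0/13 131.0.72.0/22
2400:cb00::/32 2606:4700::/32 2803:f800::/32 2405:b500::/32 2405:8100::/32
2a06:98c0::/29 2c0f:f248::/32
""".split()


def parse(ranges):
    """Validate every entry; strict=True rejects a CIDR with host bits set."""
    return [ipaddress.ip_network(r, strict=True) for r in ranges]


def iptables_rules(nets, ports=None):
    """Without ports this matches the guide's rule; ports="80,443" narrows it."""
    match = f"-p tcp -m multiport --dports {ports} " if ports else ""
    return [f"{'iptables' if n.version == 4 else 'ip6tables'} "
            f"-A INPUT {match}-s {n} -j ACCEPT" for n in nets]


def asa_rules(nets, acl="allowed_ips"):
    """ASA wants a dotted netmask for IPv4; IPv6 keeps prefix notation
    (assumes the unified access-list syntax)."""
    rules = []
    for n in nets:
        src = f"{n.network_address} {n.netmask}" if n.version == 4 else str(n)
        rules.append(f"access-list {acl} extended permit ip {src} any")
    return rules


def nginx_rules(nets):
    """allow lines followed by the closing deny all."""
    return [f"allow {n};" for n in nets] + ["deny all;"]


def apache_rules(nets):
    """One Require ip line per range, for use inside a <Directory> block."""
    return [f"Require ip {n}" for n in nets]


if __name__ == "__main__":
    nets = parse(RANGES)
    for render in (iptables_rules, asa_rules, nginx_rules, apache_rules):
        print(f"# {render.__name__}")
        print("\n".join(render(nets)))
```

Passing ports="80,443" to iptables_rules limits the ACCEPT rules to the HTTP and HTTPS ports mentioned in the cloud firewall steps instead of opening every port to these ranges.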

3. Verify Whitelisting

  • Use ping or traceroute to check connectivity from the whitelisted IP ranges.
  • Use firewall logs to ensure traffic from the allowed IPs is not being blocked.

Best Practices

  1. Review IP Ranges Regularly: Ensure the IPs are updated if there are changes from the service provider.
  2. Test Configurations: Always test in a staging environment before applying to production.
  3. Monitor Traffic: Use monitoring tools to ensure traffic from these IPs is correctly routed and handled.

If you encounter issues or need further assistance, contact your network administrator or NewRosetta support.