Create custom network access definitions in macOS Server
You can create IP address groups to control access to the services you provide. These ranges can be ones you control on your private network, or they can be any publicly accessible IP address range. You can use different IP address ranges for specific services and use more than one range per service.
There are already some IP address groups that have their own special designation. They are:
Private networks: This automatically includes all non-routable IP address ranges for IPv4 and IPv6 (like 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16).
(Only) this Mac: This includes only the link local address (127.0.0.1 for IPv4 and ::1 for IPv6).
All networks: This includes any IPv4 or IPv6 address.
You can name your ranges anything you choose, but you can’t rename the special designations or use the special designations for your own ranges.
Define IP address groups
In the sidebar of the Server app
, select your server, then click Access.Click the More button
under the Custom Access area, then choose Edit Networks.Click
.Enter the IP address group name, a starting IP address, and an ending IP address.
You can put an address range in CIDR notation (for example, 10.0.0.1/16) in the Start IP Address field, then the ending address will automatically be entered.
Continue to edit the list, as desired.
To add more address groups, repeat as needed.
To remove an address group, select it and click the Remove button
.
Create an IP address group while customizing service access
While defining service access by network, you can create a new IP address group instead of choosing an existing one.
In the sidebar of the Server app
, select your server, then click Access.Click the More button
under the Custom Access area, then choose Edit Networks.While customizing service access, click the “When connecting from” pop-up menu, then choose “only some networks.”
In the sheet, click the Add button
, then select “Create a new network.”Enter the IP address group name, a starting IP address, and an ending IP address.
You can put an address range in CIDR notation (for example, 10.0.0.1/16) in the Starting IP Address field, then the ending address will automatically be entered.
Click Create.