> ## Documentation Index
> Fetch the complete documentation index at: https://docs.cystack.net/llms.txt
> Use this file to discover all available pages before exploring further.

# IP/CIDR Access Control

> Control and restrict access by single IPs, IP ranges, or CIDR to secure the system

<Card>
  **Use Case:**

  * When an IP address associated with botnet command-and-control infrastructure is detected, administrators can configure a policy to block all device traffic to this IP to prevent potential compromise.
</Card>

Similar to web access control, <code>IP</code> policies allow you to configure the following:

<Steps>
  <Step title={<>Select the action: <code>Block</code> or <code>Allow</code> connection.</>} />

  <Step title="Specify the target IP address(es):">
    * A single IP address (e.g., `192.168.1.0`).
    * An IP range (e.g., `192.168.1.0 – 192.168.1.13`).
    * CIDR notation (e.g., `192.168.1.0/24`).
  </Step>

  <Step title="Select the applicable traffic direction:">
    * `Outbound`: Traffic originating from the device **to** the external IP.
    * `Inbound`: Traffic originating from the external IP **to** the device.
  </Step>

  <Step title="Select target devices:">
    * Apply to device groups (based on tags).
    * Apply to specific individual devices.
  </Step>

  <Step title="Enter a description or reason for the policy." />
</Steps>
