Access Control Lists (ACLs) are a security mechanism that allow you to define which IP address ranges are permitted to communicate with your remote-backups.com datastore. By specifying allowed IP ranges, you can restrict access and reduce the risk of unauthorized connections, adding an additional layer of protection for your backups.

While Proxmox Backup Server (PBS) itself does not natively support ACL configuration, remote-backups.com implements this functionality via an ingress proxy. Only datastores that use this ingress proxy can be secured with ACLs.

How to Use ACLs

• ACLs accept both IPv4 and IPv6 address ranges in CIDR notation.
• You can define multiple IP ranges to cover different trusted networks or office locations.
• Any traffic originating from IPs outside the defined ACL ranges will be denied communication with the datastore.
• This is particularly useful for enforcing network security policies or limiting access to known infrastructure.

Setting Up ACLs

• In the remote-backups.com dashboard navigate to your profile on the top right and go to security
• Enter one or more IP ranges in CIDR format. Example: 192.168.1.0/24 for an IPv4 range or 2001:db8::/32 for an IPv6 range.
• Save your changes to apply the ACL.

Test access by connecting only from allowed IPs to confirm the ACL is functioning.

Example Use Case

Suppose your company office uses an IPv4 subnet 203.0.113.0/24 and a remote office uses 198.51.100.0/24. You can add both ranges to the ACL settings so that only devices from these two subnets are allowed to access the backup datastore. This ensures tighter security as all other IP addresses outside these ranges will be blocked.