# Firewalls and ACLs

A key security mechanism in Couchdrop is ACLs. ACLs limit access to particular IP addresses or netwrok ranges.

There are three levels of ACL controls in Couchdrop:

* User based
* Group based
* Tenant based

ACLs are additive, in that if the user authenticating originates from an IP address in a range at all three levels, then we will allow the request. 

Configuring an IP address or network range is simple:

<figure><img src="https://391958821-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FpokYqd27yrOUxIBhyvbF%2Fuploads%2F1hrlHD8ZoNqHNUeobqmS%2FScreenshot%202024-03-25%20at%2010.35.21%20AM.png?alt=media&#x26;token=e97fb8c5-8f86-4bc5-a425-e8528b111bfa" alt=""><figcaption></figcaption></figure>