diff --git a/security/Group.php b/security/Group.php
index 52662709d..c635af66a 100644
--- a/security/Group.php
+++ b/security/Group.php
@@ -78,11 +78,27 @@ class Group extends DataObject {
 						null,
 						"GroupID = {$this->ID}"
 					)
+				),
+
+				new Tab(_t('Security.IPADDRESSES', 'IP Addresses'),
+					new LiteralField("", _t('SecurityAdmin.IPADDRESSESHELP',"<p>You can restrict this group to a particular 
+						IP address range.  Enter 1 range per line.  Ranges can be in any of the following 4 forms: <br />
+						203.96.152.12<br />
+						203.96.152/24<br />
+						203.96/16<br />
+						203/8<br /><br />If you enter one or more IP address ranges in this box, then members will only get
+						the rights of being in this group if they log on from one of the valid IP addresses.  It won't prevent
+						people from logging in.  This is because the same user might have to log in to access parts of the
+						system without IP address restrictions.")),
+					new TextareaField("IPRestrictions", "IP Ranges", 10)
 				)
 			)
 		);
 
-		if(!Permission::check('EDIT_PERMISSIONS')) $fields->removeFieldFromTab('Root', 'Permissions');
+		if(!Permission::check('EDIT_PERMISSIONS')) {
+			$fields->removeFieldFromTab('Root', 'Permissions');
+			$fields->removeFieldFromTab('Root', 'IP Addresses');
+		}
 		
 		$memberList->setController($this);
 		$memberList->setPermissions(array('show', 'edit', 'delete', 'export', 'add'));