User's Guide
Basic Configuration
5.9.3.2. Linux Operators and Wild Cards
In addition to entering a specific IP address or partial IP address in the Allow or Deny
list, you may also use standard Linux operators or wild cards. In most cases, the only
operator used is "EXCEPT" and the only wild card used is "ALL," but more experienced
Linux users may note that other operators and wild cards may also be used.
EXCEPT: This operator creates an exception in either the "allow" list or "deny" list. For
example, if the Allow list includes a line which reads "192. EXCEPT 192.255.255.6," then
all IP addresses that begin with "192." will be allowed, except 192.255.255.6 (providing that
this address appears in the Deny list).
ALL: The ALL wild card indicates that all IP Addresses should be allowed or denied.
When ALL is included in the Allow list, all IP addresses will be allowed to connect;
conversely, if ALL is included in the Deny list, all IP Addresses will be denied (except for
IP addresses listed in the Allow list.) For example, if the Deny list includes a line which
reads "ALL EXCEPT 168.255.192.192," then all IP addresses except 168.255.192.192 will
be denied (except for IP addresses that are listed in the Allow list.)
Net/Mask Pairs: An expression of the form "n.n.n.n/m.m.m.m" is interpreted as a
"net/mask" pair. A host address is matched if "net" is equal to the bitwise AND of the address
and the "mask." For example, the net/mask pattern "131.155.72.0/255.255.254.0"
matches every address in the range "131.155.72.0" through "131.155.73.255."
5.9.3.3. IP Security Examples
1. Mostly Closed: Access is denied by default and the only clients allowed
are those explicitly listed in the Allow list. To deny access to all clients except
192.255.255.192 and 168.112.112.05, IP Security would be defined as follows:
• Allow List:
1. 192.255.255.192
2. 168.112.112.05
• Deny List:
1. ALL
2. Mostly Open: Access is granted by default, and the only clients denied access
are those explicitly listed in the Deny list. To allow access to all clients except
192.255.255.192 and 168.112.112.05, the IP Security would be defined as follows:
• Allow List:
1. ALL EXCEPT 192.255.255.192, 168.112.112.05
• Deny List:
1. 192.255.255.192, 168.112.112.05
Notes:
• When defining a line in the Allow or Deny list that includes several IP
addresses, each individual address is separated by either a space, a comma,
or a comma and a space as shown in Example 2 above.
• Take care when using the "ALL" wild card. When ALL is included in the Allow
list, it should always include an EXCEPT operator in order to allow the unit to
proceed to the Deny list and determine any addresses you wish to deny.
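
The following Python example is added here and is not part of the product or its guide. It evaluates Allow and Deny lists the way sections 5.9.3.2 and 5.9.3.3 describe (partial addresses, ALL, EXCEPT, net/mask pairs) so a rule set can be checked before it is entered. It assumes the Allow list is consulted first, then the Deny list, and that an address matching neither list is allowed; the function names and the MISCONFIGURED list are constructed for illustration.

```python
import re

def to_int(ip):
    """Dotted quad -> 32-bit int (leading zeros read as decimal: an assumption)."""
    a, b, c, d = (int(x) for x in ip.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d

def pattern_matches(pattern, addr):
    if pattern.upper() == "ALL":
        return True
    if pattern.endswith("."):                  # partial address, e.g. "192."
        return addr.startswith(pattern)
    if "/" in pattern:                         # net/mask pair: (addr AND mask) == net
        net, mask = (to_int(p) for p in pattern.split("/"))
        return (to_int(addr) & mask) == net
    return to_int(pattern) == to_int(addr)     # single full address

def line_matches(line, addr):
    """One list line: patterns, optionally followed by EXCEPT and more patterns.
    Items may be separated by a space, a comma, or a comma and a space."""
    tokens = [t for t in re.split(r"[,\s]+", line.strip()) if t]
    cut = tokens.index("EXCEPT") if "EXCEPT" in tokens else len(tokens)
    included = any(pattern_matches(p, addr) for p in tokens[:cut])
    excluded = any(pattern_matches(p, addr) for p in tokens[cut + 1:])
    return included and not excluded

def decide(allow, deny, addr):
    """Assumed order: Allow list first, then Deny list, otherwise allow."""
    if any(line_matches(line, addr) for line in allow):
        return "allow"
    if any(line_matches(line, addr) for line in deny):
        return "deny"
    return "allow"

# The two examples from section 5.9.3.3, as (Allow list, Deny list).
MOSTLY_CLOSED = (["192.255.255.192", "168.112.112.05"], ["ALL"])
MOSTLY_OPEN = (["ALL EXCEPT 192.255.255.192, 168.112.112.05"],
               ["192.255.255.192, 168.112.112.05"])
# Constructed: ALL in the Allow list without EXCEPT, the case the Notes warn about.
MISCONFIGURED = (["ALL"], ["192.255.255.192"])

if __name__ == "__main__":
    for name, (allow, deny) in [("mostly closed", MOSTLY_CLOSED),
                                ("mostly open", MOSTLY_OPEN),
                                ("misconfigured", MISCONFIGURED)]:
        for addr in ("192.255.255.192", "10.0.0.1"):
            print(f"{name:14} {addr:16} -> {decide(allow, deny, addr)}")
```

In the MISCONFIGURED case the Deny entry never takes effect, because the bare ALL in the Allow list matches every address before the Deny list is reached.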