Table of Contents
Advertisement
5.9.3.2. Linux Operators and Wild Cards
In addition to merely entering a specific IP address or partial IP address in the Allow or
Deny list, you may also use any standard Linux operator or wild card. In most cases,
the only operator used is "EXCEPT" and the only wild card used is "ALL," but more
experienced Linux users may note that other operators and wild cards may also be
used.
EXCEPT:
This operator creates an exception in either the "allow" list or "deny" list.
For example, if the Allow list includes a line which reads "192. EXCEPT 192.255.255.6,"
then all IP address that begin with "192." will be allowed; except 192.255.255.6
(providing that this address appears in the Deny list.)
ALL:
The ALL wild card indicates that all IP Addresses should be allowed or denied. When
ALL is included in the Allow list, all IP addresses will be allowed to connect; conversely,
if ALL is included in the Deny list, all IP Addresses will be denied (except for IP
addresses listed in the Allow list.)
For example, if the Deny list includes a line which reads "ALL EXCEPT 168.255.192.192,"
then all IP addresses except 168.255.192.192 will be denied (except for IP addresses
that are listed in the Allow list.)
Net/Mask Pairs:
An expression of the form "n.n.n.n/m.m.m.m" is interpreted as a "net/mask" pair. A host
address is matched if "net" is equal to the bitwise AND of the address and the "mask."
For example, the net/mask pattern "131.155.72.0/255.255.254.0" matches every address
in the range "131.155.72.0" through "131.155.73.255."
5.9.3.3. IP Security Examples
1.
Mostly Closed: Access is denied by default and the only clients allowed,
are those explicitly listed in the Allow list. To deny access to all clients except
192.255.255.192 and 168.112.112.05, the Allow and Deny lists would be defined as
follows:
• Allow List:
1. 192.255.255.192
2. 168.112.112.05
• Deny List:
1. ALL
5-55
Basic Configuration
Advertisement
Table of Contents
