Using Filters

 

You can enable get code filters that limit access based on the IP and/or MAC address - you can set it for a domain or for a specific user on the ISL Conference Proxy.

Each filter definition consists of pairs of filter name and filter descriptions. Pairs are delimited with a new line or using the ; character.

Filter syntax:

(allow_|deny_)(all|ip|mac) <filter description> [;(allow_|deny_)(ip|mac) <filter description 1> ...]

First part of the pair begins with allow_ or deny_ and is followed by ip or mac (applying IP or MAC filtering). The second part (filter_description) depends on the filtering type - either an IP address/subnet/... or a MAC address using the aa-bb-cc-dd-ee format.

When accessing a computer, its access rules are read from the top down and stop immediately when a rule is matched, whether it is allow or deny. If it gets to the bottom of the list, deny_all is implicitly used - i.e. if all the rules fail to match and it gets to the bottom of the list, access is denied. This means that you do not need to append deny_all to your list.

An example:

deny_ip 192.168.0.113

allow_ip 192.168.0.112/255.255.255.0

allow_mac 00-19-d1-06-c9

This will allow connections from any IP in the 192.168.0.* subnet except 192.168.0.113 and allow connections coming from the 00-19-d1-06-c9 MAC address with any IP.


Note: IP and MAC addresses can be spoofed, so never base your security solutions only on that.

To enable filters, please follow these steps:

  1. Login to your ISL Conference Proxy administration (http://localhost:7615/conf).
  2. Go to User management, then select the desired domain or user (whether you want to set filters for a domain or for a specific user).
  3. Click the ISL Light tab.
  4. Uncheck the Desk code request filter and enter the desired filter definitions in the provided space.
  5. Click Save at the bottom.

Was this article helpful?