Filters

 

You can enable access filters for this connection by checking the Enable access filters checkbox. This will allow you to set certain limitations, based on the IP and/or MAC address.

Each filter definition consists of pairs of filter name and filter descriptions. Pairs are delimited with a new line or using the ; character.

Filter syntax

(allow_|deny_)(all|ip|mac) <filter description> [;(allow_|deny_)(ip|mac) <filter description 1> ...]

First part of the pair begins with allow_ or deny_ and is followed by ip or mac (applying IP or MAC filtering). The second part (filter_description) depends on the filtering type - either an IP address/subnet/... or a MAC address using the aa-bb-cc-dd-ee format.

When accessing a computer, its access rules are read from the top down and stop immediately when a rule is matched, whether it is allow or deny. If it gets to the bottom of the list, deny_all is implicitly used - i.e. if all the rules fail to match and it gets to the bottom of the list, access is denied. This means that you do not need to append deny_all to your list.


 

Example

deny_ip 192.168.0.14
allow_ip 192.168.0.13/255.255.255.0
allow_mac 00-19-d1-06-c9

This will allow connections from any IP address in the 192.168.0.* subnet except 192.168.0.14 will be rejected.

It will also allow connection coming from the 00-19-d1-06-c9 MAC address with any IP address.

Important: IP and MAC addresses can be spoofed, so filters alone are not a substitute for a strong access password!


 

If you try to make a connection from 192.168.0.14 IP address, ISL Light will show this "Access filters do now allow you to access this computer."


 

Tags: isl alwayson, settings, advanced, filters, access filters, allow, deny, ip, a-manual-settings-advanced-filters

Was this article helpful?