Filters

 

You can enable access filters for this connection by checking the Enable access filters checkbox. This will allow you to set certain limitations, based on the IP and/or MAC address.

Each filter definition consists of pairs of filter name and filter descriptions. Pairs are delimited with a new line or using the ; character.

Filter syntax

(allow_|deny_)(all|ip|mac) <filter description> [;(allow_|deny_)(ip|mac) <filter description 1> ...]

First part of the pair begins with allow_ or deny_ and is followed by ip or mac (applying IP or MAC filtering). The second part (filter_description) depends on the filtering type - either an IP address/subnet/... or a MAC address using the aa-bb-cc-dd-ee format.

When accessing a computer, its access rules are read from the top down and stop immediately when a rule is matched, whether it is allow or deny. If it gets to the bottom of the list, deny_all is implicitly used - i.e. if all the rules fail to match and it gets to the bottom of the list, access is denied. This means that you do not need to append deny_all to your list.

Examples

Example 1

deny_ip 192.168.0.14
allow_ip 192.168.0.13/255.255.255.0
allow_mac 00-19-d1-06-c9

This will allow connections from any IP in the 192.168.0.* subnet except 192. coming from the 00-19-d1-06-c9 MAC address with any IP.

Important: IP and MAC addresses can be spoofed, so filters alone are not a substitute for a strong access password!

Example 2

In this example we will deny the ip 192.168.0.14

The filter shows that the IP has been denied.

If you try to make a connection to this IP, ISL AlwaysOn will attempt to download but when it tries to access the client you receives this error message.

Tags: isl alwayson, settings, advanced, filters, access filters, allow, deny, ip

Was this article helpful?