posted to a monitoring StruxureWare Data Center Expert server.
Configuring IP filters
The IP filter has four behaviors when dealing with incoming network packets:
•If there are no filter entries, all packets are accepted by the appliance.
•If there are filter entries, those filter entries are evaluated in order from first to last as they appear in the entry list.
•If a filter matches the corresponding packet data, the network packet is either accepted or rejected by the appliance based on that rule.
•If no filter is matched, the network packet is accepted. If this is not the desired behavior, a
As soon as the IP Filter finds a filter that applies to the network packet, it stops evaluating filters and applies the behavior (accept or reject) specified by the current filter entry. Therefore, a rule rejecting all IP addresses must be placed at the end of the list.
Since rules are applied from
WARNING: If you are overly restrictive when setting up your IP filters, it is possible to lock out all web access to the appliance! Exercise caution when setting up your IP filters.
Using CIDR bit-masks
An IP address can contain the CIDR
192.168.0.0/16 means all segments and nodes on 192.168. 192.168.0.0/24 means all nodes on 192.168.0.
192.168.0.0/32 means the specific node at 192.168.0.0, and is the same as not specifying a CIDR
Note: To specify all IP addresses, use the syntax "Exclude 0.0.0.0/32".
Warning: Setting the action to "Exclude" can lock out access to the appliance through the Web Client and Advanced View.
NetBotz Appliance User’s Guide | 84 |