Using Address Ranges
When you create filters using Server Admin, you enter an IP address and the CIDR format subnet mask. Server Admin shows you the resulting address range, and you can change the range by modifying the subnet mask. When you indicate a range of possible values for any segment of an address, that segment is called a wildcard. The following table gives examples of address ranges created to achieve specific goals.
| Goal | Sample IP address | Enter this in the address field: | Address range affected |
| --- | --- | --- | --- |
| Create a filter that specifies a single IP address. | 10.221.41.33 | 10.221.41.33 or 10.221.41.33/32 | 10.221.41.33 (single address) |
| Create a filter that leaves the fourth segment as a wildcard. | 10.221.41.33 | 10.221.41.33/24 | 10.221.41.0 to 10.221.41.255 |
| Create a filter that leaves part of the third segment and all of the fourth segment as a wildcard. | 10.221.41.33 | 10.221.41.33/22 | 10.221.40.0 to 10.221.43.255 |
| Create a filter that applies to all incoming addresses. | | Select “Any” | All IP addresses |
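The range calculation in the table can be checked before a filter is saved. The following Python sketch is an added example, not part of Server Admin or the original guide; the function names `parse_entry`, `filter_range`, `wildcard_segments` and `matches` are hypothetical, and it assumes IPv4 entries in the forms shown in the table.

```python
import ipaddress

def parse_entry(entry):
    """Turn an address-field entry (address, address/prefix, or "Any") into a network."""
    entry = entry.strip()
    if entry.lower() == "any":
        return ipaddress.IPv4Network("0.0.0.0/0")
    # strict=False accepts host bits in the address, as in 10.221.41.33/24;
    # a bare address with no prefix is treated as /32.
    return ipaddress.IPv4Network(entry, strict=False)

def filter_range(entry):
    """Return the (first, last) addresses the filter would affect."""
    net = parse_entry(entry)
    return str(net.network_address), str(net.broadcast_address)

def wildcard_segments(entry):
    """Classify each of the four segments as 'fixed', 'partial' or 'wildcard'."""
    first, last = filter_range(entry)
    states = []
    for lo, hi in zip(first.split("."), last.split(".")):
        lo, hi = int(lo), int(hi)
        if lo == hi:
            states.append("fixed")       # segment must match exactly
        elif (lo, hi) == (0, 255):
            states.append("wildcard")    # any value matches
        else:
            states.append("partial")     # only some values match
    return states

def matches(entry, source):
    """True if a source address falls inside the filter's range."""
    return ipaddress.IPv4Address(source) in parse_entry(entry)

if __name__ == "__main__":
    # Entries taken from the table above.
    for entry in ("10.221.41.33", "10.221.41.33/24", "10.221.41.33/22", "Any"):
        first, last = filter_range(entry)
        print(f"{entry:18} {first} to {last}  {wildcard_segments(entry)}")
```

Comparing the /24 and /22 rows shows why the mask deserves a second look: the /22 entry also covers the neighboring 10.221.40, 10.221.42 and 10.221.43 subnets.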
Rule Mechanism and Precedence
The filter rules in the General panel operate in conjunction with the rules shown in the Advanced panel. Usually, the broad rules in the Advanced panel block access for all ports. These are
For most normal uses, opening access to designated services in the advanced panel is sufficient. If necessary, you can add additional rules using the Advanced panel, creating and ordering them as needed.
Multiple IP Addresses
A server can support multiple homed IP addresses, but firewall service applies one set of filters to all server IP addresses. If you create multiple alias IP addresses, then the filters you create will apply to all of those IP addresses.
Chapter 3 IP Firewall Service