IP Filter Rules
IP filters are named groups of filter rules that either deny or allow access based on the standard IPv4 or IPv6 address best practice for naming rules.
The format of the IP filter is a text definition that contains one or more lines defining the rules. Each line starts with either:
allow- allow the IP address or address range
deny- deny the IP address or address range
The address specification can take of the form of:
allapplies to all IP addresses.
IPv4 or IPv6 address - applies to only a single address
IPv4 or IPv6 range using CIDR subnet specification
would deny access from all IP addresses.
To allow an internal user to access from their laptop by setting a single IPv4 subnet:
To deny access from an IPv6 range:
These rules can be combined, with deny rules taking precedence over allow rules. For example, to deny access to all hosts, allow access for a single IP range, but deny access to a single host the IP filter would be:
deny all apply 192.168.0.1/24 deny 192.168.0.80