APC NBRK0550 Home Security System User Manual


 
NetBotz Appliance User’s Guide
posted to a monitoring StruxureWare Data Center Expert server.
Configuring IP filters
The IP filter has four behaviors when dealing with incoming network packets:
- If there are no filter entries, all packets are accepted by the appliance.
- If there are filter entries, those filter entries are evaluated in order from first to last as they appear in the entry list.
- If a filter matches the corresponding packet data, the network packet is either accepted or rejected by the appliance based on that rule.
- If no filter is matched, the network packet is accepted. If this is not the desired behavior, a "catch-all" filter must be placed at the end of the list, which will block all undesired IP addresses.
As soon as the IP Filter finds a filter that applies to the network packet, it stops evaluating filters and
applies the behavior (accept or reject) specified by the current filter entry. Therefore, a rule rejecting all
IP addresses must be placed at the end of the list.
Since rules are applied from top-to-bottom, any rules listed after the all-IP filter are ignored. For
example, you cannot deny access to all IP addresses, then open up exceptions later in the list. Only the
first rule that applies to the IP address is resolved.
WARNING: If you are overly restrictive when setting up your IP filters, it is possible to
lock out all web access to the appliance! Exercise caution when setting up your IP filters.
Using CIDR bit-masks
An IP address can contain the CIDR bit-mask syntax for address segments that are specified as "0", for
example:
- 192.168.0.0/16 means all segments and nodes on 192.168.
- 192.168.0.0/24 means all nodes on 192.168.0.
- 192.168.0.0/32 means the specific node at 192.168.0.0, and is the same as not specifying a CIDR bit-mask.
Note: To specify all IP addresses, use the syntax "Exclude 0.0.0.0/32".
Warning: Setting the action to "Exclude" can lock out access to the appliance through
the Web Client and Advanced View.
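The evaluation order and CIDR matching described above, modelled as an added example (not code from the manual or the appliance): `evaluate` applies first-match with default accept, and `audit` flags entries that can never fire and lists that leave unmatched addresses accepted. The action labels, function names and sample addresses are assumptions, and the model follows the note above in treating `0.0.0.0/32` as the all-addresses entry.

```python
import ipaddress

ALL = "0.0.0.0/32"  # per the page's note, this entry stands for "all IP addresses"

def matches(entry, addr):
    """True if addr falls under a filter entry's address/CIDR value."""
    if entry == ALL:
        return True
    # An entry with no bit-mask parses as /32, matching the page's description.
    return ipaddress.ip_address(addr) in ipaddress.ip_network(entry, strict=False)

def evaluate(rules, addr):
    """First matching rule decides; an empty list or no match means accept."""
    for action, entry in rules:
        if matches(entry, addr):
            return action
    return "accept"

def covers(a, b):
    """True if entry a matches every address that entry b matches."""
    if a == ALL:
        return True
    if b == ALL:
        return False
    net_a = ipaddress.ip_network(a, strict=False)
    net_b = ipaddress.ip_network(b, strict=False)
    return net_b.subnet_of(net_a)

def audit(rules):
    """Report rules that can never fire and a missing all-addresses rule."""
    findings = []
    for i, (_, entry) in enumerate(rules):
        for j in range(i):
            if covers(rules[j][1], entry):
                findings.append(f"rule {i + 1} is shadowed by rule {j + 1}")
                break
    if not any(entry == ALL for _, entry in rules):
        findings.append("no all-addresses rule: unmatched addresses are accepted")
    return findings

# Constructed rule lists of (action, address); all addresses are sample values.
GOOD = [("accept", "192.168.0.0/24"), ("reject", ALL)]
BAD_ORDER = [("reject", ALL), ("accept", "192.168.0.0/24")]
NO_CATCH_ALL = [("reject", "192.168.0.0/16")]

if __name__ == "__main__":
    for name, rules in [("GOOD", GOOD), ("BAD_ORDER", BAD_ORDER), ("NO_CATCH_ALL", NO_CATCH_ALL)]:
        print(name, evaluate(rules, "192.168.0.10"), evaluate(rules, "10.1.2.3"), audit(rules))
```

Running `audit` on a planned list before entering it shows the lockout case from the warning above: in `BAD_ORDER` the management subnet's accept entry is shadowed, so every address is rejected.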