User's Manual

CHAPTER 5: Configuration
73
5.9.3.2. Linux Operators and Wild Cards
In addition to entering a specic IP address or partial IP address in the Allow or Deny
list, you may also use standard Linux operators or wild cards. In most cases, the
only operator used is "EXCEPT" and the only wild card used is "ALL," but more
experienced Linux users may note that other operators and wild cards may also be
used.
EXCEPT: This operator creates an exception in either the "allow" list or "deny"
list. For example, if the Allow list includes a line which reads "192. EXCEPT
192.255.255.6," then all IP address that begin with "192." will be allowed; except
192.255.255.6 (providing that this address appears in the Deny list.)
ALL: The ALL wild card indicates that all IP Addresses should be allowed or
denied. When ALL is included in the Allow list, all IP addresses will be allowed
to connect; conversely, if ALL is included in the Deny list, all IP Addresses will be
denied (except for IP addresses listed in the Allow list.) For example, if the Deny list
includes a line which reads "ALL EXCEPT 168.255.192.192," then all IP addresses
except 168.255.192.192 will be denied (except for IP addresses that are listed in the
Allow list.)
Net/Mask Pairs: An expression of the form "n.n.n.n/m.m.m.m" is interpreted
as a "net/mask" pair. A host address is matched if "net" is equal to the bitwise
AND of the address and the "mask." For example, the net/mask pattern
"131.155.72.0/255.255.254.0" matches every address in the range "131.155.72.0"
through "131.155.73.255."