IP Filtering Configuration

IP Filtering is a method of restricting connections from external client systems based on the IP addresses of the clients. When this function is enabled, IP messages will only be accepted from specific IP addresses or IP address ranges. Multiple addresses or address ranges can be defined. IP packets will be ignored by the NetRS if they come from clients whose IP addresses are outside the specified ranges. This is primarily a function to enhance system security by restricting who can access your NetRS. Note that misconfiguring this function can result in total loss of communication with your NetRS. See the warnings below.

By default, the IP Filtering system is disabled. In that state, no filtering occurs and IP packets will be accepted and processed regardless of the IP address of the remote client.

When IP Filtering is enabled, one or more IP address ranges must be defined. Each incoming IP data packet is examined to determine the IP address of the sender of the packet. Packets are responded to only if the source address falls into one of the user defined address ranges. Packets will be ignored if they don't come from one of these trusted sources.

All IP addresses are described as 32-bit values. These are usually written as, for example, 155.63.21.25. That shows 4 bytes separated by "." (a period or full-stop character). IP Filtering address ranges are specified by a base address and a bitcount/netmask. The base address represents one specific address somewhere in the range. The Bitcount:Netmask defines the size of the address range. There are two way to specify the size. The first is by the number of significant bits in an address that will be tested during comparisons. The other method uses a Netmask which describes the significant bits as an address with all one-bits in the higher order locations and all zeroes in positions that don't matter. For example, a 24 bit netmask would be specified as 255.255.255.0, which has twenty-four one-bits followed by eight zero-bits. A specifier like this would describe an address range that requires an exact match in the upper 24 bits, and one of 256 possible patterns in the lower 8 bits.

Multiple address ranges of different sizes can be defined for Ip Filtering. Packets from a client will be accepted if the client IP matches any of the specified ranges.

IP Filtering is controlled via the IP Filtering Configuration page. This presents controls in two sections. The first section allows filtering to be Enabled or Disabled. Note that when IP Filtering is disabled, the address range information is still shown, even though it will not be used. This allows you to temporarily disable filtering without losing the details of your setup.

The second section is for managing IP Address Ranges.

Changes to the IP Filtering controls are accepted by clicking the OK button. If IP Filtering is being turned on, a dialog box will appear asking for confirmation that you truly want to enable the new configuration.

WARNINGS

It is possible to modify the IP Filtering configuration in such a way that you will be unable to communicate with the NetRS. If this is done, then you won't be able to use the browser to undo the changes. Care should be taken to avoid locking yourself out.

Top