Skip to main content
Version: 15.0

How to Use IP Constraints

IP constraints can be set at different points in ADOIT. They need to use the following pattern:

  • An IP constraint consists of a comma separated list of rules.

  • A rule consists of an optional keyword ('allow' or 'deny') followed by a white space, and a CIDR range, IP address or address with wild card * (e.g. 192.168.*). The keyword "all" can be used to match all addresses.

  • If rules are present, but no match is made, the default setting is "deny". If no rules are present, the default setting is "allow".

  • The first matching rule decides. E.g. when you formulate a constraint like "allow 192.*, deny 192.168.0.1", the 'deny' rule would have no effect, as that address matches the 'allow' rule already.

Example

Deny all IP addresses starting with 192., deny the IP address 193.168.0.1, allow all other IP addresses:

deny 192.*,deny 193.168.0.1,allow all

Allow all IP addresses starting with 178. except 178.6.6.6, deny all other IP addresses:

deny 178.6.6.6,allow 178.*