Limiting cell access
A client is allowed to connect to the cell if its IP address matches the general AllowConnectionFrom as well as the client type-specific Allow*From.
The following figure shows an example of masking syntax.
Masking syntax
<AddrMask> = <Addr> ['/' <Mask>]
<Addr> = <Nr> '.' [<Nr> '.' [<Nr> '.' [<Nr>]]]
<Mask> = <Addr> | <Nr>
<Nr> = 0..255
The following conventions apply:
- An abbreviated Addr or Mask is expanded with zeros.
- A numeric Mask (number without trailing dot) gives the number of 1 bits.
- An omitted Mask defaults to all bits set to 1.
- A connection is allowed if the source address ANDed with the Mask matches Addr ANDed with the Mask.
When the Mask is all zeros, any address matches regardless of the value of Addr. For all Mask bits whose value is one (1), the equivalent bits in Addr must match the equivalent bits in the source address.
The following table lists the IP address parameters.
IP Address parameters
| Parameter | Description |
|---|---|
| AllowConnectionFrom=0./0 | All systems allowed |
| AllowConnectionFrom=0./32 | No system allowed |
| AllowConnectionFrom=198.12./255.255. | Any system on the 198.12.xx.xx network |
| AllowConnectionFrom=127.0.0.1/1 | Enables any host with an IP address lower than 128.0.0.0, because it indicates there is only 1 bit in the mask |
| AllowConnectionFrom=198.12.33./255.255.255.:198.12.92./255.255.255. | Systems on the 198.12.33.xx and 198.12.92.xx networks might connect |
The default is 0./0, indicating that the server should accept connections from any source. Usually this is useful only for testing or debugging, or for use with a system that is isolated from the network.
To specify one single address, specify the address without a mask, or use a 32-bit mask. The following examples are equivalent ways of specifying a single address:
- 127.0.0.1
- 127.0.0.1/32
- 127.0.0.1/255.255.255.255
When you specify more than one address/mask pair, a system that matches at least one of the pairs is allowed to connect.
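The matching rules above can be checked offline before a value is deployed. The following Python sketch is an added example, not code from the product: the function names are hypothetical, it assumes a numeric Mask counts bits from the most significant end (consistent with the 127.0.0.1/1 row), and it assumes pairs are separated by a colon as in the last table row.

```python
import ipaddress

ALL_ONES = 0xFFFFFFFF

def expand(text):
    """Turn a possibly abbreviated dotted value ('198.12.') into a 32-bit int."""
    parts = (text[:-1] if text.endswith(".") else text).split(".")
    if len(parts) > 4 or not all(p.isdigit() and int(p) <= 255 for p in parts):
        raise ValueError(f"bad dotted value: {text!r}")
    octets = [int(p) for p in parts] + [0] * (4 - len(parts))  # pad with zeros
    return int.from_bytes(bytes(octets), "big")

def parse_pair(pair):
    """Return (addr, mask) as integers for one <AddrMask>."""
    addr_text, slash, mask_text = pair.partition("/")
    if "." not in addr_text:
        raise ValueError(f"<Addr> needs at least one dot: {pair!r}")
    if not slash:
        mask = ALL_ONES                    # omitted Mask: all bits set to 1
    elif "." in mask_text:
        mask = expand(mask_text)           # dotted Mask, expanded with zeros
    else:
        bits = int(mask_text)              # numeric Mask: number of 1 bits
        if not 0 <= bits <= 32:
            raise ValueError(f"bad bit count: {mask_text!r}")
        mask = (ALL_ONES << (32 - bits)) & ALL_ONES  # assumption: leading bits
    return expand(addr_text), mask

def matches(source, setting):
    """True if source matches at least one ':'-separated pair in setting."""
    pairs = [parse_pair(p) for p in setting.split(":")]  # validate every pair
    src = int(ipaddress.IPv4Address(source))
    return any((src & mask) == (addr & mask) for addr, mask in pairs)

def connection_allowed(source, general, type_specific):
    """The general value and the client type-specific value must both match."""
    return matches(source, general) and matches(source, type_specific)

if __name__ == "__main__":
    # Constructed source addresses, evaluated against values from the table.
    multi = "198.12.33./255.255.255.:198.12.92./255.255.255."
    for src in ("198.12.33.7", "198.12.92.200", "198.12.34.7", "10.0.0.5"):
        print(src, matches(src, multi))
```

Running a candidate value through `matches` with a few addresses that should be refused shows quickly whether an abbreviated address or a short numeric mask admits more hosts than intended.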