Working with the Effects of Filter Type on allow and deny Elements - Analytics Database - Teradata Vantage

Security Administration

Deployment
VantageCloud
VantageCore
Edition
Enterprise
IntelliFlex
VMware
Product
Analytics Database
Teradata Vantage
Release Number
17.20
Published
June 2022
Language
English (United States)
Last Update
2024-02-29
dita:mapPath
hjo1628096075471.ditamap
dita:ditavalPath
qkf1628213546010.ditaval
dita:id
zuy1472246340572
lifecycle
latest
Product Category
Teradata Vantageā„¢

IP filters often contain both an allow and deny elements, although use of both elements is not required. The first element in the filter specifies the range of IP addresses to which the IP filter applies. The second element defines exceptions within that range to which the filter does not apply. The filter type determines which element is the primary and which is the exception.

Consider the differences in function of the allow and deny elements between the restrictive filter in Example: IP Filter, and the following permissive filter:

<allow ip="192.0.2.200/255.255.0.0"/>
<deny ip="192.0.2.216/255.255.255.0"/>

The following table compares element function within the two filter environments.

Filter Type Element Function
Restrictive allow Allows access to the specified IP address or address range.

The true range depends on both the IP address and the mask.

deny Defines an exception to the address range specified in the allow element. This exception denies access to a specified IP address or address range that is a subset of the allowed address range.
Permissive deny Denies access to the specified IP address or range of addresses.
allow Defines an exception to the address range specified in the deny element. This exception allows access to a specified IP address or address range that is a subset of the denied address or address range.