<ipfilter name="filter1" type="restrictive"> <allow ip="192.0.2.200/255.255.0.0"/> <deny ip="192.0.2.216/255.255.255.0"/> <appliesto tagref="xyzzy"/> </ipfilter>
where:
Filter Component | Description |
---|---|
<ipfilter name="filter1" | Each filter definition begins and ends with an ipfilter element, which must be the child of an ipfilters element. The ipfilter element at the beginning of the filter definition must contain the name attribute and a corresponding value. The name is filter1. |
type="restrictive"> | The type of filter as either permissive or restrictive, and determines how the system processes the filter allow and deny elements. See Permissive Filters and Restrictive Filters. |
<allow ip="192.0.2.200/255.255.0.0"/> | A restrictive filter must use an allow element to define all the IP addresses that the filter allows to log on. The allow element is composed of the:
For information about how the allow and deny elements affect both permissive and restrictive filters, see Working with the Effects of Filter Type on allow and deny Elements. For more information about masking, see the topics beginning with IP Addresses and Mask Structure. |
<deny ip="192.0.2.216/255.255.255.0"/> | Restrictive filters can optionally use a deny element to define exceptions to the range of addresses specified in the allow element. The deny element is composed of the:
For information about allow and deny element function within a filter, see Working with the Effects of Filter Type on allow and deny Elements. For information on masking, see the topics beginning with IP Addresses and Mask Structure. |
<appliesto tagref="xyzzy"/> | The tagref value in each appliesto element links the filter to the user element with a matching tag attribute value. The value is xyzzy. This link applies the rules for the IP filter to the user. You can use an appliesto element for each user to which the IP filter applies. For more information on applying IP filter effects to all users, see Creating an IP XML Restriction Document and Applying a Filter to All Users. |
</ipfilter> | This element defines the end of the IP filter definition. |