16.10 - Example: IP Filter - Teradata Database

Teradata Database Security Administration

Product
Teradata Database
Release Number
16.10
Release Date
June 2017
Content Type
Administration
Security
Publication ID
B035-1100-161K
Language
English (United States)
<ipfilter name="filter1" type="restrictive">
  <allow ip="141.206.0.0/255.255.0.0"/>
  <deny ip="141.206.35.0/255.255.255.0"/>
  <appliesto tagref="xyzzy"/>
</ipfilter>

where:

Filter Component Description
<ipfilter name="filter1" Each filter definition begins (and ends) with an ipfilter element, which must be the child of an ipfilters element.

The ipfilter element at the beginning of the filter definition must contain the name attribute and a corresponding value. In this case, the name is filter1.

type="restrictive"> Identifies the type of filter as either permissive or restrictive, and determines how the system processes the filter allow and deny elements.

See About Permissive Filters and About Restrictive Filters.

<allow ip="141.206.0.0/255.255.0.0"/> A restrictive filter must use an allow element to define all the IP addresses that the filter allows to log on.

The allow element is composed of the:

  • Allowed IP address range, in this example, 141.206.0.0
  • Mask, 255.255.255.0, which defines how much of the allow IP address the system considers when determining which IPs it allows to logon.

For information about how the allow and deny elements affect both permissive and restrictive filters, see Working with the Effects of Filter Type on allow and deny Elements.

For more information about masking, see the topics beginning with About IP Addresses and Mask Structure.

<deny ip="141.206.35.0/255.255.255.0"/> Restrictive filters can optionally use a deny element to define exceptions to the range of addresses specified in the allow element.

The deny element is composed of the:

  • Deny IP address or address range, 141.206.35.0/
  • Mask, 255.255.255.0, which defines how much of the IP address the Gateway uses to determine if a logon is allowed.

For information about allow and deny element function within a filter, see Working with the Effects of Filter Type on allow and deny Elements.

For information on masking, see the topics beginning with About IP Addresses and Mask Structure.

<appliesto tagref="xyzzy"/> The tagref value in each applies to element links the filter to the user element with a matching tag attribute value. In this case, the value is xyzzy. This link applies the rules for the IP filter to the user.

You can use an appliesto element for each user to which the IP filter applies.

For more information on applying IP filter effects to all users, see Creating an IP XML Restriction Document and Applying a Filter to All Users.

</ipfilter> This element defines the end of the IP filter definition.