After evaluating the primary element, the Gateway evaluates the secondary element, which represents an exception to the filter rule stated in the primary element. In the example below, the secondary element specifies an individual address that lies within the range defined by the primary element, which exempts that address from the allow rule.
- In the following example, a secondary deny element denies a single IP address from within the range of the primary allow element. This address could be a training computer that should not have direct access to the database.
- You can use the following mask to ensure that the filter tests all 32 bits of the IP address to enforce the deny restriction.
When the incoming IP address matches the deny element, the Gateway denies access even though the allow element allows it. The mask format indicates that all 32 bits of the address are significant. This format is necessary because the denied IP address is unique only in the fourth decimal segment.
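The evaluation order and mask test described above, as an added Python example; it is not the Gateway's own code or configuration syntax. The addresses (RFC 5737 documentation ranges), the tuple layout, and returning `None` for an address outside the primary range are assumptions.

```python
import ipaddress

def _bits(dotted):
    """Convert a dotted-decimal IPv4 string to a 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))

def matches(addr, rule_addr, mask):
    """True when addr equals rule_addr on every bit that is set in mask."""
    return (_bits(addr) & _bits(mask)) == (_bits(rule_addr) & _bits(mask))

def evaluate(addr, primary, secondaries):
    """Apply one primary element and its secondary exceptions.

    Each element is an (action, address, mask) tuple (assumed layout).
    Returns None when addr is outside the primary range (assumption:
    this rule then makes no decision).
    """
    p_action, p_addr, p_mask = primary
    if not matches(addr, p_addr, p_mask):
        return None
    for s_action, s_addr, s_mask in secondaries:
        if matches(addr, s_addr, s_mask):
            return s_action  # the exception overrides the primary action
    return p_action

# Constructed sample rules, not taken from the original page.
PRIMARY = ("allow", "192.0.2.0", "255.255.255.0")
DENY_EXACT = [("deny", "192.0.2.37", "255.255.255.255")]  # all 32 bits tested
DENY_LOOSE = [("deny", "192.0.2.37", "255.255.255.0")]    # fourth segment ignored

def demo():
    """Verdicts for three constructed clients under each deny mask."""
    clients = ["192.0.2.37", "192.0.2.38", "198.51.100.5"]
    return {
        "exact": [evaluate(c, PRIMARY, DENY_EXACT) for c in clients],
        "loose": [evaluate(c, PRIMARY, DENY_LOOSE) for c in clients],
    }

if __name__ == "__main__":
    for name, verdicts in demo().items():
        print(name, verdicts)
```

With the looser mask the deny element matches every address in the allowed range, so the single-host exception only works when the mask makes all 32 bits significant.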