16.10 - Working with the Effects of Filter Type on allow and deny Elements - Teradata Database

Teradata Database Security Administration

prodname
Teradata Database
vrm_release
16.10
created_date
June 2017
category
Administration
Security
featnum
B035-1100-161K

IP filters often contain both an allow and deny elements, although use of both elements is not required. The first element in the filter specifies the range of IP addresses to which the IP filter applies. The second element defines exceptions within that range to which the filter does not apply. The filter type determines which element is the primary and which is the exception.

Consider the differences in function of the allow and deny elements between the restrictive filter in Example: IP Filter, and the following permissive filter:

<allow ip="141.206.0.0/255.255.0.0"/>
<deny ip="141.206.35.0/255.255.255.0"/>

The following table compares element function within the two filter environments.

Filter Type Element Function
Restrictive allow Allows access to the specified IP address or address range.

The true range depends on both the IP address and the mask.

deny Defines an exception to the address range specified in the allow element. This exception denies access to a specified IP address or address range that is a subset of the allowed address range.
Permissive deny Denies access to the specified IP address or range of addresses.
allow Defines an exception to the address range specified in the deny element. This exception allows access to a specified IP address or address range that is a subset of the denied address or address range.