You can enable get code filters that limit access based on the IP and/or MAC address - you can set it for a domain or for a specific user on the ISL Conference Proxy.
Each filter definition consists of pairs of filter name and filter descriptions. Pairs are delimited with a new line or using the ; character.
Filter syntax:
(allow_|deny_)(all|ip|mac) <filter description> [;(allow_|deny_)(ip|mac) <filter description 1> ...]
First part of the pair begins with allow_ or deny_ and is followed by ip or mac (applying IP or MAC filtering). The second part (filter_description) depends on the filtering type - either an IP address/subnet/... or a MAC address using the aa-bb-cc-dd-ee format.
When accessing a computer, its access rules are read from the top down and stop immediately when a rule is matched, whether it is allow or deny. If it gets to the bottom of the list, deny_all is implicitly used - i.e. if all the rules fail to match and it gets to the bottom of the list, access is denied. This means that you do not need to append deny_all to your list.
An example:
deny_ip 192.168.0.113 allow_ip 192.168.0.112/255.255.255.0 allow_mac 00-19-d1-06-c9
This will allow connections from any IP in the 192.168.0.* subnet except 192.168.0.113 and allow connections coming from the 00-19-d1-06-c9 MAC address with any IP.
Note: IP and MAC addresses can be spoofed, so never base your security solutions only on that.
To enable filters, please follow these steps:
- Login to your ISL Conference Proxy administration (http://localhost:7615/conf).
- Go to User management, then select the desired domain or user (whether you want to set filters for a domain or for a specific user).
- Click the ISL Light tab.
- Uncheck the Desk code request filter and enter the desired filter definitions in the provided space.
- Click Save at the bottom.