Pearl User Guide
User administration
Allow List with a Range of IP Addresses, Distinct IP Addresses, and an Exception
Building on the previous examples, consider the situation where you want the CEO’s computers
(192.168.1.50, 192.168.1.51, 192.168.75) and all boardroom computers (192.168.1.200-192.168.1.250)
to access the broadcast, with the exception of the public boardroom computer (192.168.1.211). Use both
allow and deny lists to create the rule as follows:
Allow: 192.168.1.200-192.168.1.250, 192.168.1.50-192.168.1.51, 192.168.1.75
Deny: 192.168.1.211
Both lists can have multiple ranges and multiple distinct IP addresses, provided they are separated by
commas.
Deny List with a Range of IP Addresses
Converse to the previous examples, consider the situation where you want every computer on the network to
access the broadcast, with the exception of the CEO’s desktop, laptop, and tablet computers. Additionally,
boardroom computers should not be permitted with the exception of the cafeteria computer (IP address
192.168.1.222).
The deny list is an "exception" list for the allow list. So to craft the rule described above we need to allow all the
computers in the local subnet, then deny specific sub-ranges including two groups of boardroom computers
ensuring the cafeteria computer's IP address is not in the deny list:
Allow: 192.168.1.1-192.168.1.250
Deny: 192.168.1.200-192.168.1.221, 192.168.1.223-192.168.1.250, 192.168.1.50-192.168.1.51,
192.168.1.75
35