IPAddressRestrictionEntry Class
Syntax
public sealed class IPAddressRestrictionEntry
Remarks
The IPAddressRestrictionEntry class is a fundamental component for implementing granular network access control. It can be used in conjunction with other classes like IPAddressRuleStorage to manage a collection of access rules. Each entry specifies an IP address or a range, along with an action (Allow or Deny).
This class is particularly useful for web servers, firewalls, and other network applications that need to filter incoming connections based on IP addresses.
Constructors
-
IPAddressRestrictionEntry(string ipAddress, string subnetMask, bool allow)
Initializes a new instance of the
IPAddressRestrictionEntryclass with the specified IP address, subnet mask, and access permission.Parameters:ipAddress: A string representing the IP address.subnetMask: A string representing the subnet mask.allow: A boolean value indicating whether to allow or deny access.
-
IPAddressRestrictionEntry(string ipAddressRange, bool allow)
Initializes a new instance of the
IPAddressRestrictionEntryclass with the specified IP address range and access permission.Parameters:ipAddressRange: A string representing the IP address range (e.g., "192.168.1.0/24" or "10.0.0.0-10.0.0.255").allow: A boolean value indicating whether to allow or deny access.
Properties
-
IPAddress
Gets the IP address associated with this restriction entry.
public string IPAddress { get; }
-
SubnetMask
Gets the subnet mask associated with this restriction entry. This property is relevant when an IP address (not a range) is specified.
public string SubnetMask { get; }
-
AllowAccess
Gets a value indicating whether this entry permits or denies access.
public bool AllowAccess { get; }
-
IPAddressRange
Gets the IP address range as a string. This property is populated when the entry is initialized with an IP range.
public string IPAddressRange { get; }
Example
The following example demonstrates how to create and use IPAddressRestrictionEntry to allow access from a specific subnet and deny access from another IP address.
using System;
using System.Net;
using System.Collections.Generic;
// Assume IPAddressRuleStorage and related classes are defined elsewhere
// using System.Net.IPNetworking;
public class NetworkSecurityExample
{
public static void Main(string[] args)
{
// Create a list to hold our restriction entries
var restrictionEntries = new List<IPAddressRestrictionEntry>();
// Allow access from the internal network 192.168.1.0/24
var allowEntry = new IPAddressRestrictionEntry("192.168.1.0", "255.255.255.0", true);
restrictionEntries.Add(allowEntry);
// Deny access from a specific external IP address
var denyEntry = new IPAddressRestrictionEntry("203.0.113.10", "255.255.255.255", false);
restrictionEntries.Add(denyEntry);
// Deny access from a specific range of IPs
var denyRangeEntry = new IPAddressRestrictionEntry("198.51.100.0-198.51.100.255", false);
restrictionEntries.Add(denyRangeEntry);
Console.WriteLine("Created restriction entries:");
foreach (var entry in restrictionEntries)
{
if (!string.IsNullOrEmpty(entry.IPAddressRange))
{
Console.WriteLine($"- IP Range: {entry.IPAddressRange}, Allow: {entry.AllowAccess}");
}
else
{
Console.WriteLine($"- IP: {entry.IPAddress}, Mask: {entry.SubnetMask}, Allow: {entry.AllowAccess}");
}
}
// In a real application, you would pass these entries to a manager
// like IPAddressRuleStorage to enforce access control.
// Example:
// IPAddressRuleStorage ruleManager = new IPAddressRuleStorage();
// ruleManager.AddRules(restrictionEntries);
// bool canAccess = ruleManager.CheckAccess(IPAddress.Parse("192.168.1.50")); // Should return true
// bool canAccess2 = ruleManager.CheckAccess(IPAddress.Parse("203.0.113.10")); // Should return false
}
}