AxiomCoders LANProtector
Rule

A network protection Rule is a single instruction in a Ruleset that defines the behavior of the LANProtector Server. Rules are defined by the user and specify which computers and devices are allowed on the network and which are not.

Rules in a Ruleset are stored in an ordered list and are always processed top-to-bottom. Rules can always be reordered in the Ruleset.

Each Rule, regardless of its type, is defined by a common set of properties:

  • Name: a custom name or Rule description
  • State:
    • Allow: the Rule will allow network access to the network peers that are matched by the Rule
    • Deny: the Rule will deny network access to the network peers that are matched by the Rule
    • Inactive: the Rule will be ignored when the Ruleset is processed
  • MAC Address
    • Associate MAC Address: the Rule will have a specific MAC Address associated, to make sure it is either matched or missed when testing the Rule
    • Allowed: assigned MAC Address must be matched
    • Unallowed: assigned MAC Address must not be matched
  • Reply MAC Address: an advanced option that customizes which MAC Address is used when blocking denied network peers; can be:
    • MAC Bridge (01-80-C2-00-00-01)
    • MAC Bridge Alternative (01-80-C2-00-00-00)
    • Local (Ruleset bound network adapter local MAC Address)
    • Random (switch-cache-friendly, randomly selected MAC Address from a pool of 32 predefined addresses)
    • Specific (manually entered MAC Address)

There are 4 different Rule types, each matching a different kind of IPv4 address range:

  1. Single Host: matches a single IPv4 address
  2. Address Range: matches a range of IPv4 addresses between and including two specified IPv4 addresses
  3. Subnetwork: matches an IPv4 subnet defined by an IPv4 address and a network mask address
  4. Wildcard Mask: matches the dotted-quad textual notation of an IPv4 address against a custom, user-specified textual wildcard mask
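
The following Python sketch models how an ordered Ruleset with the four Rule types and an associated MAC Address could be evaluated. It is an added example, not LANProtector code. The names `Rule`, `evaluate` and `RULESET` are hypothetical, and it assumes that the first active matching Rule decides the outcome and that `*` is the wildcard character; the page specifies neither.

```python
import fnmatch
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    name: str
    state: str                  # "Allow", "Deny" or "Inactive"
    kind: str                   # "host", "range", "subnet" or "wildcard"
    spec: tuple                 # arguments for the chosen kind
    mac: Optional[str] = None   # associated MAC Address, if any
    mac_allowed: bool = True    # True: MAC must match; False: must not match

    def matches(self, ip: str, mac: str) -> bool:
        addr = ipaddress.IPv4Address(ip)
        if self.kind == "host":
            hit = addr == ipaddress.IPv4Address(self.spec[0])
        elif self.kind == "range":      # both end addresses are included
            lo, hi = (ipaddress.IPv4Address(s) for s in self.spec)
            hit = lo <= addr <= hi
        elif self.kind == "subnet":     # IPv4 address plus network mask
            net = ipaddress.IPv4Network("/".join(self.spec), strict=False)
            hit = addr in net
        elif self.kind == "wildcard":   # textual match; '*' syntax is assumed
            hit = fnmatch.fnmatchcase(ip, self.spec[0])
        else:
            raise ValueError(f"unknown rule kind: {self.kind}")
        if hit and self.mac is not None:
            same = mac.upper() == self.mac.upper()
            hit = same if self.mac_allowed else not same
        return hit

def evaluate(ruleset, ip, mac):
    """Return (state, name) of the first active matching Rule, else None."""
    for rule in ruleset:                # processed top-to-bottom
        # Assumption: Inactive Rules are skipped and the first match decides.
        if rule.state != "Inactive" and rule.matches(ip, mac):
            return rule.state, rule.name
    return None

# Constructed sample Ruleset (addresses and MAC Addresses are made up).
RULESET = [
    Rule("old printer", "Inactive", "host", ("192.168.1.50",)),
    Rule("file server", "Allow", "host", ("192.168.1.10",), mac="00-11-22-33-44-55"),
    Rule("dhcp pool", "Deny", "range", ("192.168.1.100", "192.168.1.200")),
    Rule("lab subnet", "Allow", "subnet", ("10.0.8.0", "255.255.252.0")),
    Rule("rest of 192.168", "Deny", "wildcard", ("192.168.*.*",)),
]
```

Because order matters under this model, moving the wildcard Deny Rule to the top would shadow the file server Allow Rule, which is why a broad Rule belongs below the specific ones it should not override.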

 
Copyright © 2009 AxiomCoders