how to allow list IPs? (multiple IPs) - Page 2

surbhi123 · 06-29-2022 10:07 PM

Hello everyone, I hope everything is well with you. I was wondering how I could dynamically whitelist IP addresses using access control as in my current scenarios. What I'm doing is creating a kvm and storing the IP in a variable, then retrieving this IP from the kvm and storing it in a variable, then passing this variable to the access entity policy, however this is just for a single IP;

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<KeyValueMapOperations async="false" continueOnError="false" enabled="true" name="Key-Value-Map-Operations-1" mapIdentifier="Dynamic_IP">
    <DisplayName>Key Value Map Operations-1</DisplayName>
    <Properties/>
    <ExclusiveCache>false</ExclusiveCache>
    <ExpiryTimeInSecs>300</ExpiryTimeInSecs>
    <Get assignTo="ip">
        <Key>
            <Parameter>kvm.ip.value</Parameter>
        </Key>
    </Get>
    <Get assignTo="i">
        <Key>
            <Parameter>ip1</Parameter>
        </Key>
    </Get>
    <Scope>environment</Scope>
</KeyValueMapOperations>

and then I use access entity polices

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<AccessControl async="false" continueOnError="false" enabled="true" name="Access-Control-1">
    <DisplayName>Access Control-1</DisplayName>
    <Properties/>
    <IPRules noRuleMatchAction="ALLOW">
        <MatchRule action="DENY">
            <SourceAddress mask="32">{ip}</SourceAddress>
        </MatchRule>
    </IPRules>
</AccessControl>

but how can I whitelist 100s of IPs? I am happy to create 100s of entry of in the same KVM but the thing is that how can i fetch all the 100s of kvm entries(IP) at a time, If we create 100s of variable in the KVM policy that would be tricky and might be cause of problematics I don't want to create separate variable for separate KVM entries in the Policy.