602SQL Documentation Index  

Client IP Address Filtering

602SQL server can be setup so it enables client connection only from some specified IP addresses. IP address filtering disables client access from some computers or some networks and it's one of the tools that enhance SQL server security. IP filtering applies only to clients using the TCP/IP protocol. IP filtering has no effect on clients connecting to local server (on Windows) or clients accessing the server from a HTTP-tunnel.

When running clients on the same computer as the server on Linux, you have to specify and the IP address of the computer to the enabled IP's list. This is not necessary for Windows.

You can specify both addresses that enable client connection and addresses that disable client connection. If you specify some enabled IP addresses, then the client is allowed to connect if its IP address is on the enabled list and isn't on the disable addresses list. If you don't specify any enabled address, then the client is allowed to connect from any address that isn't on the disabled list.

IP addresses can be specified separately, or in groups. An address group is specified by an address X and network mask M. An address Y belongs to such group, if it agrees with the X address in those bits, that are assigned value 1 in the network mask M.


If a group is described by an address and a mask, then all addresses from to belong to this group.

If a 255 value is set in the mask (11111111 binary), then the Y address must agree with the X address in all bits, i.e. it has to be the same value.

The X address value is 128 or 10000000 binary. The mask value is 192 or 11000000 binary. The Y address must therefore agree with the X address only in the first two bits of X, i.e. it can be a value from 10000000 (128) to 10111111 (191).

If a 0 value is set in the mask (00000000 binary), then the Y address doesn't have to agree with the X address in any bits, i.e. it can be of any value.

IP Address Setting:

IP addresses are specified usually in the 602SQL Development Client, System folder, on the IP filtering tab of the Runtime parameters window. The specified values are stored as server properties:

As the other server parameters, these can also be set by the Set_property_value function.



allows TCP/IP access from addresses: to, to, to, to and HTTP tunnel from the address is allowed as well.

A setting:


enables access from all addresses except from and