Implementation of Filter of IP based on ALLOW and DENY rules.
This implementation could be changed by implementing a new {@link IpFilterRule} than default {@link IpV4SubnetFilterRule} (IPV4 support only), {@link IpSubnetFilterRule} (IPV4 and IPV6 support) or {@link IpPatternFilterRule} (IP and host name string pattern support) .
The check is done by going from step to step in the underlying array of IpFilterRule.
Each {@link IpFilterRule} answers to the method accept if the {@link InetAddress} is accepted or not,according to its implementation. If an InetAddress arrives at the end of the list, as in Firewall usual rules, the InetAddress is therefore accepted by default.
- If it was constructed with True as first argument, the IpFilterRule is an ALLOW rule (every InetAddress that fits in the rule will be accepted).
- If it was constructed with False as first argument, the IpFilterRule is a DENY rule (every InetAddress that fits in the rule will be refused).
An empty list means allow all (no limitation).
For efficiency reason, you should not add/remove too frequently IpFilterRules to/from this handler. You should prefer to replace an entry (set method) with an ALLOW/DENY ALL IpFilterRule if possible. This handler should be created only once and reused on every pipeline since it handles a global status of what is allowed or blocked. Note that {@link IpSubnetFilterRule} which supports IPV4 and IPV6 should be used with as much aspossible no mixed IP protocol. Both IPV4 and IPV6 are supported but a mix (IpFilter in IPV6 notation and the address from the channel in IPV4, or the reverse) can lead to wrong result.
@author frederic bregier