As a client connects to the CAMNET server, the server checks its access control list (in its .xdb file) against the client's IP address. If a match is found to deny access to the client's IP address, either because it matches a range of IP addresses, or because it doesn't match, the client is disconnected before anything else happens. Server ACL entries are optional.

There are two general use cases. One is to deny access to all except specifically-allowed IP addresses. The second is to allow access to all except specifically-denied IP addresses.

To start, add a new row. If there are already CIDR entries, load the existing entries. The Load button is enabled when the list selection (at the bottom) is on the first row.

For the first case, to deny access to all but the chosen, first set the allowed IP addresses. For example, if your LAN is 192.168.0.x (where x can be 0 to 255), set CIDR IP4 address to 192.168.0.0, CIDR bits to 24 (which means the first 24 bits of the IP4 address are relevant: 192.168.0. The 8 bits after those don't matter: IP address from 192.168.0.0 to 192.168.0.255 are allowed. Accept after entering each. Save. Repeat for any other allowable IP addresses. Now set the deny range: Set CIDR IP4 address to 255.255.255.255, CIDR bits to 32, and access mode to deny. All IP addresses are denied except those specifically allowed.

For the second case, to allow access to all but the chosen, for each undesirable IP address, or address range, add its CIDR IP4 address, CIDR bits (8, 16, 24, or 32 bits), and access mode of deny. Repeat for any other denied IP addresses.

The CIDR data is stored in the camnetserver.xdb file. If you manage to exclude your own network, either edit this file to fix the problem, or delete the camnetserver.xdb file. The server reloads the .xdb file at each connection -- but no more often than every 5 seconds -- so changes made affect all future connections.

To send an external event signal (/trigger=all, /?trigger=all, /trigger=192.168.0.111, ...) the sending machine must be in the ACL and specifically allowed if it is not already connected to CAMNET server. For example, if the client and the server are on the same machine connected over 127.0.0.1, and the client machine sends a /?trigger=all (e.g., from a browser) to the IP address (e.g. 192.168.0.2), the trigger is ignored unless 192.168.0.2 (or 192.168.0.*) is specifically allowed in the ACL.

Note: EBNT_TGS does not respond to /trigger=1.2.3.4 type signals since this type of trigger does not set the T bit. Using /trigger=all sets the T bit. Either /?trigger= or /trigger= can be used.

The Load button is active when the first row in the list is selected, or the list is empty.