...
The reason for this implementation is to have a successfully firewall solution that protects our SHASS Synology users who have an MIT kerberos username and password and access files only from a machine in the MIT 18 ip range (or via MIT's VPN).
With your Synology running DSM 5.0-4458 or later, you can set the Synology’s Firewall allow access to MIT users in the 18.0.0.0/8 address block but deny access to everyone else.
...