On Wednesday 25 January 2006 22:34, Mark Elsen wrote:
> > Don't you rather want to use "dst" instead of "dstdomain"?
>
> From the FAQ on Access Controls :
>
> # dst: destination (server) IP addresses
> ^^^^^^^^^^^^^^^^^^^^
> # myip: the local IP address of a client's connection
> # srcdomain: source (client) domain name
> # dstdomain: destination (server) domain name

Admitted - it makes a difference. But most of the time when people want to make an ACL point to a certain host they use 'dst'. Even though the IP address is checked, host names are still resolved. And www.badsite.com looks suspiciously like a host entry. :)

Besides, the (2.4) documentation on how to use dstdomain and when "*.domain" or just "domain" needs to be used is not quite precise.

Christoph
--
Never trust a system administrator who wears a tie and suit.