On fre, 2007-08-31 at 05:17 -0300, Michel Santos wrote: > looking this over means that when the IP address of any 'acl peer src $1' > match the IP range of 'acl all src ip/mask' then I do not need to specify > an additional 'http_access deny peer we_acl' if 'http_access deny all > we_acl' is defined before right Probably. But I don't have a good view of your http_access rules.. in a src acl a network speification (ip/mask) matches all IPs in that network, including the network and broadcast addresses. 192.168.1.0/24 is the same as 192.168.1.0-192.168.1.255 Note: 192.168.1.1/24 is an error, and read as 192.168.1.0/24 with a big fat warning. Regards Henrik
Attachment:
signature.asc
Description: This is a digitally signed message part
