Henrik Nordstrom disse na ultima mensagem: > On fre, 2007-08-31 at 05:17 -0300, Michel Santos wrote: > >> looking this over means that when the IP address of any 'acl peer src >> $1' >> match the IP range of 'acl all src ip/mask' then I do not need to >> specify >> an additional 'http_access deny peer we_acl' if 'http_access deny all >> we_acl' is defined before right > > Probably. But I don't have a good view of your http_access rules.. > they are exactly the same for 'all' and 'peers' under the acl definition list come the deny for all and peer and under them at the end the allow clauses > > in a src acl a network speification (ip/mask) matches all IPs in that > network, including the network and broadcast addresses. > > 192.168.1.0/24 is the same as 192.168.1.0-192.168.1.255 > really ;) a range indicator is allowed? or did you wrote this only for better understandings what /24 means? > Note: 192.168.1.1/24 is an error, and read as 192.168.1.0/24 with a big > fat warning. but 192.168.1.1/32 is not michel ... **************************************************** Datacenter Matik http://datacenter.matik.com.br E-Mail e Data Hosting Service para Profissionais. ****************************************************
