HI, Does the acls work according to the "first matching" rule principle? I want to allow only certain people to access certain hosts. I wrote the acl acl quant-srvs dstdomain "/etc/pf-tables/quant-srvs" acl quant-admins srcdomain "/etc/pf-tables/quant-admins" http_access allow quant-admins http_access deny quant-srvs it still seems to block "quant-admins" from accessing "quant-srvs" Thanks --Siju
