Define a named access control list. An ACL is a list of network addresses in CIDR notation. Once defined, the ACL can be used in Service statements to limit access to resources (see ACL reference).
The statement has two forms: immediate and file reference ACL. In immediate form, the CIDR list follows the ACL line and is terminated with an End directive on a line by itself. Each non-empty line contains a CIDR enclosed in double quotes. Comments and Include statements are allowed. For example:
    ACL "secure"
        "192.0.2.0/26"
        "203.0.113.0/24"
    End
The syntax of the named file reference ACL is:
    ACL "name" -file "filename"
or
    ACL "name" -filewatch "filename"
If filename is relative, it is looked up in the include directory. The syntax of the file is similar to that described above, except that CIDRs need not be quoted and Include statements are not allowed. The form with -file reads the file contents once, at program startup. The one with -filewatch reads it and then monitors that file for changes. Any change to the file causes it to be read again, so the ACLs are updated automatically without the need to restart the program. See File reference ACL for a detailed discussion of this feature.
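Because a file named with -filewatch is re-read on every change, an edit takes effect without a restart, so it is worth linting an edited copy before it replaces the watched file. The following is an added example, not part of the original manual or of the program itself: it checks the file syntax described above (one CIDR per non-empty line, quotes optional, no Include). The `#` comment marker, the `min_prefix` policy threshold, the host-bit warning and the sample contents are assumptions made for this example.

```python
import ipaddress

# Constructed sample contents for a file used as: ACL "secure" -filewatch "secure.acl"
SAMPLE = '''\
# office networks (assumption: '#' starts a comment)
192.0.2.0/26
"203.0.113.0/24"

198.51.100.7/24
0.0.0.0/0
Include "more.acl"
not-a-cidr
'''

def lint_acl_file(text, min_prefix=8):
    """Return (networks, problems); problems are (line, severity, message)."""
    networks, problems = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split('#', 1)[0].strip()      # drop comments (assumed syntax)
        if not line:
            continue                              # empty lines are permitted
        if line.split()[0].lower() == 'include':
            problems.append((lineno, 'error', 'Include is not allowed in an ACL file'))
            continue
        if len(line) >= 2 and line[0] == line[-1] == '"':
            line = line[1:-1]                     # quotes are optional in the file form
        try:
            net = ipaddress.ip_network(line, strict=False)
        except ValueError:
            problems.append((lineno, 'error', f'not a CIDR: {line!r}'))
            continue
        # An entry such as 198.51.100.7/24 was probably meant as a single host.
        if ipaddress.ip_interface(line).ip != net.network_address:
            problems.append((lineno, 'warning', f'host bits set; covers all of {net}'))
        # Hypothetical policy: a prefix shorter than min_prefix is suspiciously broad.
        if net.prefixlen < min_prefix:
            problems.append((lineno, 'warning', f'{net} admits a very large range'))
        networks.append(net)
    return networks, problems

if __name__ == '__main__':
    nets, probs = lint_acl_file(SAMPLE)
    for lineno, severity, message in probs:
        print(f'line {lineno}: {severity}: {message}')
    print(f'{len(nets)} network(s) parsed')
```

Treat any `error` as a reason not to install the new file, and review each `warning` by hand.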