

9.4.6 ACL Definition

Global directive: ACL "name"

Define a named access control list. An ACL is a list of network addresses in CIDR notation. Once defined, the ACL can be used in Service statements to limit access to resources (see ACL reference).

The statement has two forms: immediate and file reference. In the immediate form, the CIDR list follows the ACL line and is terminated by an End directive on a line by itself. Each non-empty line contains one CIDR enclosed in double quotes. Comments and Include statements are allowed. For example:

ACL "secure"
   "192.0.2.0/26"
   "203.0.113.0/24"
End

The syntax of the file reference form is:

ACL "name" -file "filename"

or

ACL "name" -filewatch "filename"

If filename is relative, it is looked up in the include directory. The syntax of the file is similar to the one described above, except that CIDRs need not be quoted and Include statements are not allowed. The form with -file reads the file contents once, at program startup. The form with -filewatch reads the file and then monitors it for changes: any change to the file causes it to be read again, so the ACL is updated automatically without restarting the program. See File reference ACL, for a detailed discussion of this feature.
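The following Python snippet is an added illustration of the two ACL syntaxes described in this section; it is not part of the manual or of the program's own code. It parses a constructed immediate-form block (quoted CIDRs, End terminator) and a constructed file-form list (unquoted CIDRs, no Include), then tests whether a client address falls within the list. Three points are assumptions made for the illustration rather than facts stated on this page: that comments start with `#`, that an address matches the ACL when any listed CIDR contains it, and that Include lines in the immediate form are out of scope here (they are simply rejected). Networks are parsed with `strict=True`, so a CIDR with host bits set is refused instead of being silently widened, which is the check a reviewer of such a list usually wants.

```python
"""Illustrative parser/matcher for ACL definitions (added example, not the
program's implementation). Assumptions: '#' starts a comment; an address is
allowed when any CIDR in the list contains it; Include is not handled."""
import ipaddress
import re

# Constructed sample: immediate form, each CIDR in double quotes, ends with End.
IMMEDIATE_FORM = '''\
ACL "secure"
   # constructed sample networks
   "192.0.2.0/26"
   "203.0.113.0/24"
End
'''

# Constructed sample: contents of a file given with -file or -filewatch.
# CIDRs are unquoted here; comments are still allowed, Include is not.
FILE_FORM = '''\
# constructed ACL file
192.0.2.0/26
203.0.113.0/24
2001:db8::/32
'''

_HEADER = re.compile(r'^ACL\s+"([^"]+)"$')
_QUOTED = re.compile(r'^"([^"]*)"$')


def _strip_comment(line: str) -> str:
    """Drop a trailing '#' comment (assumed comment syntax) and whitespace."""
    return line.split('#', 1)[0].strip()


def _network(cidr: str) -> ipaddress._BaseNetwork:
    # strict=True rejects e.g. 192.0.2.1/24 (host bits set) with ValueError,
    # rather than quietly treating it as 192.0.2.0/24.
    return ipaddress.ip_network(cidr, strict=True)


def parse_immediate(text: str):
    """Parse an immediate-form ACL block. Returns (name, [networks])."""
    lines = text.splitlines()
    header = _strip_comment(lines[0]) if lines else ''
    m = _HEADER.match(header)
    if not m:
        raise ValueError(f'bad ACL header: {header!r}')
    name, nets = m.group(1), []
    for raw in lines[1:]:
        line = _strip_comment(raw)
        if not line:
            continue
        if line == 'End':
            return name, nets
        if line.startswith('Include'):
            raise ValueError('Include is valid here but not handled in this example')
        q = _QUOTED.match(line)
        if not q:
            raise ValueError(f'CIDR must be double-quoted: {raw!r}')
        nets.append(_network(q.group(1)))
    raise ValueError('missing End directive')


def parse_file(text: str):
    """Parse the file form: one unquoted CIDR per non-empty line."""
    nets = []
    for raw in text.splitlines():
        line = _strip_comment(raw)
        if not line:
            continue
        if line.startswith('Include'):
            raise ValueError('Include statements are not allowed in ACL files')
        nets.append(_network(line))
    return nets


def allowed(nets, address: str) -> bool:
    """True when any listed network contains the address (assumed semantics)."""
    addr = ipaddress.ip_address(address)
    return any(addr in n for n in nets)


if __name__ == '__main__':
    name, nets = parse_immediate(IMMEDIATE_FORM)
    for ip in ('192.0.2.63', '192.0.2.64', '203.0.113.200'):
        print(name, ip, 'allowed' if allowed(nets, ip) else 'denied')
    print('file form:', [str(n) for n in parse_file(FILE_FORM)])
```

Note that this snippet reads a list once, like -file; it does not reimplement the change monitoring that -filewatch performs.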