> > > Actually you can. Deny the IP's you don't want then accept
> > > by key.
> >
> > Cute! I hadn't thought of that.
>
> Interesting. What is the best way to DENY, say, everything but one IP
> address or my local subnet? What kind of match list expression(s) would
> capture that?
acl "all-but-one" {
192.168.0.1;
! any;
};
cricket