key and ip adress
Cricket Liu
cricket at VeriSign.com
Sat Feb 17 00:03:57 UTC 2001
> > > Is that the only way, or is there another way to phrase the addresses
to
> > > include, for example, blocks of class A addresses to keep our match
list a
> > > reasonable size? Let's say I'd like to block everything but 10/8
> > > addresses, then accept by key.
> >
> > Wouldn't
> >
> > acl "not-10" {
> > ! 10/8;
> > key-name;
> > };
> >
> > do what you want?
>
> But that would deny updates from 10/8 and he said he wanted to block
> everything but 10/8.
Yes, I misinterpreted what Ian wrote.
> What I would try is:
>
> acl not-me { ! 10/8; any; };
> allow-update { ! not-me; key keyname; };
Good idea.
cricket
More information about the bind-users
mailing list