On Thu, Feb 05, 2004 at 03:11:44PM +0000, Philip Chambers wrote:
> I am surprised I have not been able to work out how to do what seems
> a quite simple test in a router. I want to restrict a router to
> SMTP connections from hosts external to my network.
> I already have:
> hostlist local_ip = 144.173.0.0/16 : 172.16.0.0/16 : 127.0.0.1
> and use that in ACLs with
> hosts = +local_ip
> However, I just can't see how I user +local_ip to restrict a router
> to be invoked olny if "hosts = ! +local_ip". "hosts" is not a
> router option and I can't work out how to user $sender_host_address
> and +local_ip in a condition.
You cannot, there is no expansion to lookup whether items are part of
a named lists (wishlist (73) 17-Jul-02 M Match a list from within a
condition).
The easiest way is probably modifying the acls
warn set acl_m0=local_ip
hosts = +local_ip
and using
condition = ${if eq {$acl_m0}{local_ip}{true}{false}}
cu andreas
--
"See, I told you they'd listen to Reason," [SPOILER] Svfurlr fnlf,
fuhggvat qbja gur juveyvat tha.
Neal Stephenson in "Snow Crash"
