Ian Eiloart wrote:
>>>> pseudo code:
>>>>
>>>> forany {
>>>> if( listed in whitelist ){
>>>> false
>>>> } else if( listed in blacklist ){
>>>> true
>>>> } else {
>>>> false
>>>> }
>>>> }
>>> How would you use it in an ACL?
>> By converting my pseudo code into real configuration after reading the
>> documentation which shows you how to do it.
> Except the pseudocode is incorrect.
Not really. It's pseudocode, not real code.
> forany requires two arguments: a list,
> and a condition. The condition is applied to all items in the list. You've
> written your pseudocode as if there's only one argument.
Yeah. Notice how I didn't even mention a domain list. You can easily
assume that it's the first argument.
> in an acl, to check that one domain matched your condition, you'd say
>
> condition = forany { DOMAINLIST } { CONDITION }
>
> use $item in CONDITION to refer to each domain in turn.
>
> I can't see a way that you can call an acl with an argument, you'd have to
> pass the argument in an acl variable, and I don't know whether you can do
> that. Perhaps you could say something like
>
> if { and {set acl_m_domain = $item}{acl foo}}
>
> but I don't know if you can use set like that. Of not, you have to put your
> acl into the argument of forany, perhaps like this:
>
> condition = forany {DOMAINLIST}{ }
My point was that he could do everything inside the forany expansion
using dnsdb without having to call an external acl.
Mike