On 8 February 2011 14:48, Kyle Brandt <k...@stackoverflow.com> wrote:
> Can I have an ACL that doesn't perform an action on a specific IP but will > perform the action on the subnet that the IP is part of? > > For example: > > acl bad_subnet src 10.0.0.0/8 > acl okay_ip src 10.0.1.5 > use_backend blocked if bad_subnet !okay_ip > > So the target result would be to use the backend "blocked" if the IP is in > the 10.0.0.0/8 subnet unless that IP is 10.0.1.5. If the IP is outside the > 10.0.0.0/8 network no action would be take for this rule. > I just tried this on 1.4.8 and it works exactly as you specified. Graeme.