Hi! I noticed that while this ACL matches my source IP of 192.168.42.123:
acl src_internal_net src 192.168.42.0/24 this one does _not_: acl src_internal_net src 192.168.42/24 While not strictly part of RFC 4632 (yet), leaving out trailing .0 octets is a very common notation and is probably going to be included in a future RFC update (as per Errata 1577): https://www.rfc-editor.org/errata_search.php?rfc=4632&eid=1577 If there are concerns against this notation, the config parser should at least issue a WARNING or even ERROR about this, because I found it it quite confusing. Especially if ACLs are used for actual access control, this can have nasty consequences. What do you think? Cheers, Daniel -- Daniel Schneller Principal Cloud Engineer CenterDevice GmbH