Hi Kyle,

On Tue, Feb 08, 2011 at 07:48:19AM -0500, Kyle Brandt wrote:
> Hi All,
> 
> Can I have an ACL that doesn't perform an action on a specific IP but will
> perform the action on the subnet that the IP is part of?
> 
> For example:
> 
> acl bad_subnet src 10.0.0.0/8
> acl okay_ip src 10.0.1.5
> use_backend blocked if bad_subnet !okay_ip
> 
> So the target result would be to use the backend "blocked" if the IP is in
> the 10.0.0.0/8 subnet unless that IP is 10.0.1.5. If the IP is outside the
> 10.0.0.0/8 network no action would be taken for this rule.
> 
> Is my example correct for this? If it isn't -- how can this be done?

Yes, your example is correct and it will work without any change at all :-)

Willy
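
The rule from this thread placed in a complete configuration, with the evaluation for three sample clients written out. This is an added example, not part of the original messages; the names fe_web and be_app, the bind port, the timeouts and the server address are assumptions.

```haproxy
# Constructed example. Only the two acl lines and the use_backend line
# come from the thread; everything else is assumed for illustration.
defaults
    mode http
    timeout connect 5s
    timeout client  30s
    timeout server  30s

frontend fe_web
    bind :8080

    # "src" matches the source address of the connection as HAProxy sees it.
    acl bad_subnet src 10.0.0.0/8
    acl okay_ip    src 10.0.1.5

    # ACLs written side by side are ANDed; "!" negates the ACL that follows it.
    #   client        bad_subnet  !okay_ip  result
    #   10.0.1.5      true        false     rule skipped
    #   10.2.3.4      true        true      backend "blocked"
    #   192.168.1.1   false       (n/a)     rule skipped
    use_backend blocked if bad_subnet !okay_ip

    # Connections for which the rule above was skipped end up here.
    default_backend be_app

backend blocked
    # No server lines: requests routed here get a 503 from HAProxy.

backend be_app
    server app1 127.0.0.1:8000
```

The file can be syntax-checked with `haproxy -c -f <file>` before it is loaded.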

