Henrik, > > 89.0.31.0 is a valid IP for the 89.0.31.80/8 network. > > I could add a "/32" behind the "89.0.21.31-89.0.31.0", > > but I suspect there is a problem (by design?) in the acl parser. > > The parser automatically tries to guess the netmask if none is specified. > Quite often it guesses wrongly..
Thanks for your reply. Now that you mention it, I see the guessing code ;-) I'm on the safe side adding "/32" to my ranges, but is it good practice to guess a netmask for ip -ranges- if no netmask if defined explicitly? IMHO it's unconventional to mix ranges with netmasks. Cheers, Thomas
