> to use - say you want to block a, b, & c for group1 and a, b & d for > group2 - if a site falls into both c & d but is not listed in both > lists c & d then that site will get through either group1 or group2 > where it shouldn't get through either
Yep, if you have some sort of "matrix" rules then you need them in all, but I guess if you have a simpler hierarchy then you might get away with it (e.g. if the groups were in a strict hierarchy, so group1 was a subset of group2 and so on). I think the safest route is to keep the duplication in the "master" lists, and if appropriate apply some automated filtering to the local list as appropriate for the rulebase. Nick Barron, Group IT Security Officer Pennant Software Services Ltd -- Registered in England No. 3772667 PGP: A94C 4190 026E 3E02 6D50 C8FA 8620 3091 FF34 533D
