Hi Alan,

Maybe I'm wrong, but I think that having "{ !localnets; !localhost; }" in the
external view is redundant as they'd be matched by the prior views, and never
make it to the external (external is the third view)?

Regards,

Jason

On Wed, 10 Oct 2007 08:04:23 -0400, Alan Clegg wrote
> Jason Mitchell wrote:
> > I replaced "match-clients { !localnets; !localhost; };" with
> > "match-clients { ANY; };" and now I'm seeing the expected behavior.

>
> ACLs all end in a silent "none;", so what you had the first time was:
>
> match-clients { !localnets; !localhost; none; };
>
> Not localnets, not localhost, and nobody else as well.
>
> Instead of replacing that with a generic "any", how about:
>
> match-clients { !localnets; !localhost; any; };
>
> which matches everything EXCEPT localnets and localhost. I think
> that is more along the lines of what you want to happen based on
> your previous mail about the internal/external views.
>
> AlanC