Following the recent man page modifications I was reminded of another
part of the manual that I am curious if it could be modified a bit. This
is the part about the access-control statement. I have two suggestions:
#1. Mention how the rules are evaluated. Is it first match wins, last
match wins, or most specific match wins? This is important when
configuring overlapping rules (because only a specific subset should
have allow_snoop for example). My testing points towards the
most-specific-match option.
#2. Mention what the behaviour is for clients that do not match a
configured ACL. While it is stated that the unconfigured default is
"allow localhost and refuse the rest", it is not explicitly stated what
happens to unmatched clients once an ACL is configured.

> Following the recent man page modifications I was reminded of
> another part of the manual that I am curious if it could be modified
> a bit. This is the part about the access-control statement. I have
> two suggestions:
> #1. Mention how the rules are evaluated. Is it first match wins,
> last match wins, or most specific match wins? This is important
> when configuring overlapping rules (because only a specific subset
> should have allow_snoop for example). My testing points towards
> the most-specific-match option.

Yes. Documented that.

> #2. Mention what the behaviour is for clients that do not match a
> configured ACL. While it is stated that the unconfigured default
> is "allow localhost and refuse the rest", it is not explicitly
> stated what happens to unmatched clients once an ACL is
> configured.

The "deny" action is taken if there are no rules. Documented that.
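
The evaluation order discussed in this thread, as an added example that is not part of the original messages and not the project's own code: a small Python model of most-specific-match lookup over overlapping netblocks, with a fallback action for unmatched clients. The rule set, the function names and the `default` parameter are assumptions made for illustration; the fallback value "deny" follows the reply above.

```python
import ipaddress

# Constructed sample rules (netblock, action); not taken from the thread.
RULES = [
    ("10.0.0.0/8", "allow"),
    ("10.1.2.0/24", "allow_snoop"),   # only this subset may snoop
    ("10.1.2.128/25", "refuse"),      # carve-out inside the snoop subset
    ("2001:db8::/32", "allow"),
]


def build_acl(rules):
    """Parse (netblock, action) pairs; reject duplicate netblocks."""
    acl = {}
    for block, action in rules:
        net = ipaddress.ip_network(block, strict=True)
        if net in acl:
            raise ValueError(f"duplicate netblock {net}")
        acl[net] = action
    return acl


def lookup(acl, client, default="deny"):
    """Return the action of the longest-prefix netblock containing client.

    Rule order is irrelevant. `default` is what an unmatched client gets.
    """
    addr = ipaddress.ip_address(client)
    best = None
    for net, action in acl.items():
        if net.version != addr.version or addr not in net:
            continue
        if best is None or net.prefixlen > best[0].prefixlen:
            best = (net, action)
    return best[1] if best else default


def overrides(acl):
    """Audit helper: (narrow, broad) pairs where narrow wins over broad."""
    return sorted(
        (str(a), str(b))
        for a in acl for b in acl
        if a != b and a.version == b.version and a.subnet_of(b)
    )
```

Running `overrides(build_acl(RULES))` before deploying a rule set shows which broader rules each narrow rule takes precedence over, which is the overlap case the first suggestion is about.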