[tac_plus] tac_plus acl match on everything
Andreas Jacobi
andreasjacobi85 at gmail.com
Thu Jan 19 19:58:36 UTC 2012
Hi,
I have a tac_plus installation on a Slackware server. Everything works fine
except my acls.
It seems that whatever I type in an acl, it will match.
For example an acl with the regexp test will match any of my network
equipments source IP addresses. I tested it with a deny acl and here is the
debug output (ip is replaced with a fake but you get the idea):
ip 11.111.11.1 matched deny regex test of acl filter test-acl
The acl config:
acl = test-acl {
deny = test
allow = .*
}
I then apply the acl to a group.
group = test-group {
acl = test-acl
}
tac_plus version F4.0.4.20
What am I missing here?
/ Andreas
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.shrubbery.net/pipermail/tac_plus/attachments/20120119/48866518/attachment.html>
More information about the tac_plus
mailing list