-
Jaco Kroon authored
A pure blacklist is not good enough, we need a whitelist mechanism as well, and the simplest way to do that is to re-use existing ACL infrastructure. This makes it simpler to blacklist say an entire block (/24) except a smaller block (eg, a /29 or even a /32). Normally you'd need to recursively split the block, so if you want to blacklist a /24 except for a /29 you'd end up with a blacklit for a /25, /26, /27 and /28. I feel that having an ACL instead of a blacklist only is clearer. Change-Id: Id57a8df51fcfd3bd85ea67c489c85c6c3ecd7b30 Signed-off-by:Jaco Kroon <jaco@uls.co.za>
Jaco Kroon authoredA pure blacklist is not good enough, we need a whitelist mechanism as well, and the simplest way to do that is to re-use existing ACL infrastructure. This makes it simpler to blacklist say an entire block (/24) except a smaller block (eg, a /29 or even a /32). Normally you'd need to recursively split the block, so if you want to blacklist a /24 except for a /29 you'd end up with a blacklit for a /25, /26, /27 and /28. I feel that having an ACL instead of a blacklist only is clearer. Change-Id: Id57a8df51fcfd3bd85ea67c489c85c6c3ecd7b30 Signed-off-by:
