aca8206c30
IP access list control was implemented as default success for an empty access control list - but this had the effect of an empty list default allowing if "Satisfy Any" was set. Fortunately this was bugged, so empty lists default failed - but this broke empty lists for "Satisfy All". This patch is the correct fix: lists now always default fail, but an empty list removes the check from access control considerations. This restores the original implementations behavior and fixes the bug.
12 lines
351 B
Text
12 lines
351 B
Text
# Access List Clients for {{ access_list.id }} - {{ access_list.name }}
|
|
geo $realip_remote_addr $access_list_{{ access_list.id }} {
|
|
default 0;
|
|
{% for client in access_list.clients %}
|
|
{% if client.directive == "allow" %}
|
|
{{client.address}} 1;
|
|
{% endif %}
|
|
{% if client.directive == "deny" %}
|
|
{{client.address}} 0;
|
|
{% endif %}
|
|
{% endfor %}
|
|
}
|