Just installed NC18 a few days ago and I thought I would play with some of the file access control stuff to get familiar. I noticed that the flows are missing OR logic…it’s all AND logic.
Here’s an example of why this isn’t all that great: IPv4 and IPv6. A scenario:
If a file is tagged with mytag AND the IPv4 address does not match 10.0.0.0/24, AND the IPv6 address does not match dead:beef:cafe/64, restrict access
Why does this not work? Because you can’t match both IPv4 AND IPv6 at the same time. You would want to have an OR so if client A only supports IPv4, it can be restricted based on IPv4 rules. Likewise, if a client DOES support IPv6, it would also need to block based on that IPv6 connection.
Is there a solution to this that isn’t yet obvious to me?
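
A small Python model of the rule described in the post, added here as an illustration and not taken from the thread or from Nextcloud's code. It evaluates the ANDed "does not match" checks for constructed IPv4 and IPv6 clients under two assumed behaviours for a check whose address family differs from the client's (which one Nextcloud applies is not stated in the post); `dead:beef:cafe::/64` is the post's IPv6 prefix written out in full, and all function names are hypothetical.

```python
import ipaddress

# Ranges from the post; the IPv6 prefix is written out as dead:beef:cafe::/64.
V4_RANGE = ipaddress.ip_network("10.0.0.0/24")
V6_RANGE = ipaddress.ip_network("dead:beef:cafe::/64")

def not_in_range(client, network, other_family_result):
    """One 'does not match' check. other_family_result is the assumed value
    the check returns when the client's address family differs from the
    range's (e.g. an IPv6 client tested against an IPv4 range)."""
    if client.version != network.version:
        return other_family_result
    return client not in network

def restricted(client_ip, tagged, other_family_result):
    """The flow from the post: every check is ANDed together."""
    client = ipaddress.ip_address(client_ip)
    return (tagged
            and not_in_range(client, V4_RANGE, other_family_result)
            and not_in_range(client, V6_RANGE, other_family_result))

# Constructed sample clients: one inside and one outside each range.
CLIENTS = ["10.0.0.7", "192.0.2.10", "dead:beef:cafe::1", "2001:db8::1"]

def table(other_family_result):
    """Map each sample client to whether the rule restricts it."""
    return {ip: restricted(ip, True, other_family_result) for ip in CLIENTS}

if __name__ == "__main__":
    for semantics in (True, False):
        print("other-family check evaluates to", semantics)
        for ip, blocked in table(semantics).items():
            print(f"  {ip:<20} restricted={blocked}")
```

If the other-family check evaluates to true, the ANDed rule restricts exactly the clients outside both ranges; if it evaluates to false, the rule never restricts anyone, which is the failure the post describes.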