mg_check_ip_acl.md 985 Bytes
Newer Older
1 2 3 4 5 6 7 8
---
title: "mg_check_ip_acl()"
decl_name: "mg_check_ip_acl"
symbol_kind: "func"
signature: |
  int mg_check_ip_acl(const char *acl, uint32_t remote_ip);
---

9
Verify given IP address against the ACL.
10 11 12 13 14 15

`remote_ip` - an IPv4 address to check, in host byte order
`acl` - a comma separated list of IP subnets: `x.x.x.x/x` or `x.x.x.x`.
Each subnet is
prepended by either a - or a + sign. A plus sign means allow, where a
minus sign means deny. If a subnet mask is omitted, such as `-1.2.3.4`,
16
it means that only that single IP address is denied.
17
Subnet masks may vary from 0 to 32, inclusive. The default setting
18
is to allow all access. On each request the full list is traversed,
19 20 21 22
and the last match wins. Example:

`-0.0.0.0/0,+192.168/16` - deny all acccesses, only allow 192.168/16 subnet

23 24
To learn more about subnet masks, see this
link:https://en.wikipedia.org/wiki/Subnetwork[Wikipedia page on Subnetwork].
25

26
Returns -1 if ACL is malformed, 0 if address is disallowed, 1 if allowed. 
27