Let block_acl() work as advertised. If the last matching acl directive denies access...

Otherwise it's impossible to say: grant everyone but those
explicitly-mentioned suckers access (blacklist).

Usually it's done the other way around (whitelist), which worked
as expected, but blacklisting is still useful for a public proxy
where one only needs to deny known abusers access.

diff --git a/filters.c b/filters.c
index 014c0f6..b047a02 100644 (file)
--- a/filters.c
+++ b/filters.c
@@ -1,4 +1,4 @@
-const char filters_rcs[] = "$Id: filters.c,v 1.134 2010/09/14 07:17:01 fabiankeil Exp $";
+const char filters_rcs[] = "$Id: filters.c,v 1.135 2010/10/10 09:58:12 fabiankeil Exp $";
 /*********************************************************************
  *
  * File        :  $Source: /cvsroot/ijbswa/current/filters.c,v $
@@ -289,6 +289,10 @@ int block_acl(const struct access_control_addr *dst, const struct client_state *
             {
                return(0);
             }
+            else
+            {
+               return(1);
+            }
          }
          else if (
 #ifdef HAVE_RFC2553