From 4860007a503791f8c8afd1842d4dbfd33120ce18 Mon Sep 17 00:00:00 2001
From: Juan Ferrer Toribio <juan@verdnatura.es>
Date: Mon, 22 Nov 2021 18:55:37 +0100
Subject: [PATCH] ACL access fix

---
 config.yml | 4 ++++
 index.js   | 2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/config.yml b/config.yml
index abeb49c..c4a7ab1 100644
--- a/config.yml
+++ b/config.yml
@@ -34,6 +34,10 @@ acls:
     ips:
     - 10.5.1.0/24
     zones: all
+  dmz:
+    ips:
+    - 10.0.0.0/16
+    zones: all
 defaults:
   https: true
   zone: public
diff --git a/index.js b/index.js
index 62b7d85..cfe54f3 100644
--- a/index.js
+++ b/index.js
@@ -256,7 +256,7 @@ async function updateProxy(firstRun) {
         let match = false;
         for (const bNet of bAcl.ips) {
             match = bNet.mask === 0;
-            if (bNet.mask > 0) {
+            if (bNet.mask > 0 && bNet.mask <= aNet.mask) {
                 const netMask = (~0) << (32 - bNet.mask);
                 const aSubnet = aNet.ip & netMask;
                 const bSubnet = bNet.ip & netMask;