# This is a comment, I love comments.
#
# BNF:
# File
#	'<' <dbase> <NAME> '>' block '</' <dbase> '>'
# NAME 
#	::= \w+
# Block
#	<order> [by] <deny|allow>,<allow,deny>
#	<allow|deny> [operation] <ops> [from] <spec>
# ops
#	none | rdonly | rdwr | all
# spec
#	IP 	[ [>netmask>] <mask> | '/' <len> ]
#	FQHN 	[ [<netmask>] <mask> | '/' <len> ]
#	'all'
# mask
#	IP | FQHN
# IP
#	dotted quad
# FQHN
#	anything DNS
# len
#	0 .. 32
#


# test blank lines
  


# test record
#
<dbase foo>
	# Order allow,deny or deny,allow
	order deny,allow
	# operation levels
	#	none 	nothng allowed
	#	rdonly	just read allowed
	#	rdwr	read and write allowed
	#	all	read, write and create allowed.
	#
	# 	
	deny all from all
	allow rdonly from all
	allow operation rdwr from 127.0.0.1
	allow all from 10.0.1.2/8
	allow none from 10.0.1.2/1
	allow rdonly from 10.0.1.2/27
</dbase>

# Base line which gets ALWAYS applied
#
<dbase _>
	order allow,deny
	deny all from all
</dbase>

<dbase bar>
	order allow,deny
	allow all from all
	deny rdwr from 1.2.3.4/16
</dbase>

<dbase tango>
	deny all from all
</dbase>

<dbase tango2*>
	allow all from all
</dbase>

# Fall through which ONLY gets applied if there
# are no specific dbase+IP rule was defined.
#
<dbase *>
	order deny,allow
	allow rdonly from all
</dbase>
	
<dbase caffee>
	order allow,deny
	allow rdonly from all
	allow rdwr from 9.8.7.6
	allow all from  4.5.6.7/24
	#deny all from www.news.com
	allow drop from 127.0.0.1
</dbase>