14.2. Common settings

14.2. Common settings
	Chapter 14. System Services

Most system service have common access control attributes as follows.

Tip

You can verify whether the access control performs as intended using the diagnostic facility described in Section 15.2

Table 14.2. List of system services

Attribute	Function
`table`	If specified, then the service only accepts requests/connections on the specified routing table. If not specified then the service works on any routing table. Where the service is also a client then this specifies the routing table to use (default 0).
`local-only`	This normally defaults to `true`, but not in all cases. If true then access is only allowed from machines on IPs on the local subnet^[a]. This restriction even applies if the address happens to be in the `allow` list.
`allow`	If specified then this is a list of ranges of IP addresses and ip group names from which connections are allowed. If specified as an empty list then no access is allowed. If omitted then access is allowed from everywhere. Note that if `local-only` is specified, the allow list allows access from addresses that are not local, if they are in the `allow` list.
`log`	The standard `log`, `log-error`, and `log-debug` settings can be used to specified levels of logging for the service.
^[a]A locally-attached subnet is one which can be directly reached via one of the defined interfaces, i.e. is not accessed via a gateway, and not via an interface which has been marked `wan="true"`.

Tip

Address ranges in allow can be entered using either <first address>-<last_address> syntax, or using CIDR notation : <start address>/<prefix length>. If a range entered using the first syntax can be expressed using CIDR notation, it will be automatically converted to that format when the configuration is saved. You can also use name(s) of defined IP address group(s), which are pre-defined ranges of IPs.