OpenConext / OpenConext-pdp

OpenConext implementation of a XACML based PDP engine for access policy enforcement
Apache License 2.0

Negate over multiple IP-ranges #221

Closed phavekes closed 4 hours ago

phavekes commented 4 hours ago

This issue is imported from pivotal - Originally created at Mar 15, 2021 by Thijs Kinkhorst

It is currently possible to negate each IP-range individually. This is not very useful when using multiple ranges, because the OR means that this always evaluates to true:

Require loa2 if ip is not 1 or ip is not 2 or ip is not 3.

It's both semantically and logically better to move the negate outside of the brackets so there's one negate for the set of OR'ed IP-ranges:

Require loa2 if ip is not (1 or 2 or 3)
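
Added example (not part of the issue or of OpenConext-pdp code) showing, with three constructed disjoint IPv4 ranges standing in for 1, 2 and 3, why the per-range negation OR'ed together is always true and how a single negate over the set of ranges behaves:

```python
"""Added example: per-range negation vs. one negate over the set of ranges."""
import ipaddress

# Constructed sample ranges standing in for "1", "2" and "3" in the issue text.
RANGES = ["192.0.2.0/24", "198.51.100.0/24", "203.0.113.0/24"]


def _in_range(ip: str, cidr: str) -> bool:
    """True if the address falls inside the CIDR range."""
    return ipaddress.ip_address(ip) in ipaddress.ip_network(cidr, strict=False)


def requires_loa2_per_range_negation(ip: str, ranges=RANGES) -> bool:
    """Current behaviour: 'ip not in 1 OR ip not in 2 OR ip not in 3'.

    With disjoint ranges an address is in at most one of them, so at least
    one disjunct is true and the whole expression is true for every address.
    """
    return any(not _in_range(ip, cidr) for cidr in ranges)


def requires_loa2_set_negation(ip: str, ranges=RANGES) -> bool:
    """Proposed behaviour: 'NOT (ip in 1 OR ip in 2 OR ip in 3)'.

    True only for addresses outside every listed range, which is the
    intended meaning of "require loa2 if ip is not (1 or 2 or 3)".
    """
    return not any(_in_range(ip, cidr) for cidr in ranges)


if __name__ == "__main__":
    # Two addresses inside listed ranges, one outside all of them.
    for ip in ["192.0.2.10", "203.0.113.77", "10.0.0.5"]:
        print(ip,
              "per-range:", requires_loa2_per_range_negation(ip),
              "set:", requires_loa2_set_negation(ip))
```

Running it shows the per-range form returning True for all three addresses, while the set form returns True only for 10.0.0.5.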

phavekes commented 4 hours ago

Seems to work fine in playground. Minor but important detail is that autoformat policy description does not seem to work anymore for negate (misses "not"). See e.g. policy "thijs test fmt" on test2. We actually use this autoformat feature a lot and I am afraid that it will lead to endless confusion if the "not" is missing there. (Thijs Kinkhorst - Sep 1, 2023)

phavekes commented 4 hours ago

https://github.com/OpenConext/OpenConext-pdp/commit/ff835e97833f92d72f9f85c300cf96216825690c (Okke Harsta - Sep 1, 2023)