From 872b85b5f207b193ba9af0c7fde5cb6f917d6a41 Mon Sep 17 00:00:00 2001
From: Sergey Lyubka <valenok@gmail.com>
Date: Mon, 14 Apr 2014 13:03:47 +0100
Subject: [PATCH] more on -access_control_list

---
 docs/Options.md | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/docs/Options.md b/docs/Options.md
index a9d1dcfc..9c0f2c80 100644
--- a/docs/Options.md
+++ b/docs/Options.md
@@ -10,8 +10,12 @@ this means to deny only that single IP address.
 
 Subnet masks may vary from 0 to 32, inclusive. The default setting is to allow
 all accesses. On each request the full list is traversed, and
-the last match wins. Example: `$ mongoose -access_control_list -0.0.0.0/0,+192.168/16` to deny all acccesses except those from `192.168/16` subnet. To learn
-more about subnet masks, see the
+the last match wins. Example: `$ mongoose -access_control_list -0.0.0.0/0,+192.168/16` to deny all acccesses except those from `192.168/16` subnet. Note that if the option is set, then all accesses are forbidden
+by default. Thus in a previous example, `-0.0.0.0` part is not necessary.
+For example, `$mongoose access_control_list +10.0.0.0/8`
+means disallow all, allow subnet 10/8 only.
+
+To learn more about subnet masks, see the
 [Wikipedia page on Subnetwork](http://en.wikipedia.org/wiki/Subnetwork)
 
 Default: not set, all accesses are allowed.