This corresponds with the newly refactored code.
is a comma-separated list of entries of the form:
.IP
.BR + | \-
-.IR address \c
-.RB [ \- \c
-.IR address | \c
-.BR / \c
-.IR prefix-length ]| \c
-.BR local | any
+.I address-range
.RB [ : \c
-.IR port [ \c
-.BI \- \c
-.IR port ]]
+.IR port-range ]
.PP
(The spaces in the above are optional.)
.PP
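Review bot: The synopsis no longer shows that `local` and `any` are literal keywords, because the removed `.BR local | any` line was the only place in this hunk that set them in bold, and the new `.I address-range` and `.IR port-range ]` placeholders are not defined at this point. Please confirm that the address-range description further down covers every form the old synopsis spelled out (address, address-address, address/prefix-length, local, any) with the literals in bold. A short pointer after the synopsis to where address-range and port-range are defined would also help.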
.I denied
.RB (` \- ').
.PP
-The IP-address portion may be any of the following
+The
+.I address-range
+portion may be any of the following.
.TP
.B any
Matches all addresses.
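Review bot: The new sentence ends with a full stop ("portion may be any of the following.") although it introduces the `.TP` list that starts on the next line. A colon would read better there, or else reword it so the sentence does not end in "the following".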
.IB address / prefix-length
Matches an address in the given network.
.PP
-The port portion may be omitted (which means `match any port'), or may
-be a single
+The
+.I port-range
+may be omitted (which means `match any port'), or may be a single
.I port
or a range
.IB port \- port
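Review bot: The wording here is inconsistent with the address paragraph. This hunk says "The port-range may be omitted", while the parallel sentence says "The address-range portion may be". Use the same phrasing in both, either with "portion" or without it. Since the placeholder is now called port-range but also covers a single port, keeping the "may be a single port or a range" wording, as this hunk does, is the right call.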