[ISC-support #15083] Add optional checks and warnings for network ACL elements
We had an issue in production due to an error in an ACL. An IP prefix was entered with too small a netmask size.
As a sanity check, issuing a warning/error when an IP prefix has non-zero bits in the part of the IP address past the netmask would have detected the error.
Perhaps there could be a configuration option akin to the check-* directives to control this sort of sanity check?