Above, I'd recommended (guidance 3) that you document rules to make it easier to see errors. A comment above the rule that said:
Code:
# allow the authorized client to access servers
would be as I believe you intend, and the correction I recommended above should work. However, a different comment such as:
Code:
# allow clients to reach the authorized server
would have been a different error. My recommendation would have been to correct the
in directive.
Documentation helps. It really, really helps. Especially when you're reading your own rulesets after leaving them be for a couple of years.