- Add charon4 to the set of allowed transferers
- Use a named ACL, rather than listing the full set twice
- Comment the different allowed IPs with what they are
- Enable notifications (or at least don't explicitly disable them) so changes
propagate faster