From 03c8f74e982f0e90b05a23088b3f03630fc19b2b Mon Sep 17 00:00:00 2001
From: radhikap <radhika.puthiyetath@citrix.com>
Date: Mon, 8 Jul 2013 16:55:56 +0530
Subject: [PATCH] CLOUDSTACK-2806

---
 docs/en-US/add-gateway-vpc.xml         |   9 +-
 docs/en-US/configure-acl.xml           | 308 ++++++++++++++++---------
 docs/en-US/images/replace-acl-icon.png | Bin 0 -> 930 bytes
 docs/en-US/images/replace-acl-list.png | Bin 0 -> 7706 bytes
 4 files changed, 198 insertions(+), 119 deletions(-)
 create mode 100644 docs/en-US/images/replace-acl-icon.png
 create mode 100644 docs/en-US/images/replace-acl-list.png

diff --git a/docs/en-US/add-gateway-vpc.xml b/docs/en-US/add-gateway-vpc.xml
index 9a270f9d794..486cf84a824 100644
--- a/docs/en-US/add-gateway-vpc.xml
+++ b/docs/en-US/add-gateway-vpc.xml
@@ -144,10 +144,11 @@
   <section id="acl-private-gateway">
     <title>ACL on Private Gateway</title>
     <para>The traffic on the VPC private gateway is controlled by creating both ingress and egress
-      network ACL rules. The ACLs contains both allow and deny rules. As per the rule, all the
-      ingress traffic to the private gateway interface and all the egress traffic out from the
-      private gateway interface are blocked. You can change this default behaviour while creating a
-      private gateway.</para>
+      network ACL rules. The ACLs contains both allow and deny rules. In addition to the default ACL
+      rules, rules you might have created are also listed in the ACL drop-down list. As per the
+      rule, all the ingress traffic to the private gateway interface and all the egress traffic out
+      from the private gateway interface are blocked. You can change this default behaviour while
+      creating a private gateway.</para>
   </section>
   <section id="static-route">
     <title>Creating a Static Route</title>
diff --git a/docs/en-US/configure-acl.xml b/docs/en-US/configure-acl.xml
index e7459e68dbf..1def9ea65cc 100644
--- a/docs/en-US/configure-acl.xml
+++ b/docs/en-US/configure-acl.xml
@@ -25,119 +25,197 @@
     default, all incoming and outgoing traffic to the guest networks is blocked. To open the ports,
     you must create a new network ACL. The network ACLs can be created for the tiers only if the
     NetworkACL service is supported.</para>
-  <orderedlist>
-    <listitem>
-      <para>Log in to the &PRODUCT; UI as an administrator or end user.</para>
-    </listitem>
-    <listitem>
-      <para>In the left navigation, choose Network.</para>
-    </listitem>
-    <listitem>
-      <para>In the Select view, select VPC.</para>
-      <para>All the VPCs that you have created for the account is listed in the page.</para>
-    </listitem>
-    <listitem>
-      <para>Click the Configure button of the VPC, for which you want to configure load balancing
-        rules.</para>
-      <para>For each tier, the following options are displayed:</para>
-      <itemizedlist>
-        <listitem>
-          <para>Internal LB</para>
-        </listitem>
-        <listitem>
-          <para>Public LB IP</para>
-        </listitem>
-        <listitem>
-          <para>Static NAT</para>
-        </listitem>
-        <listitem>
-          <para>Virtual Machines</para>
-        </listitem>
-        <listitem>
-          <para>CIDR</para>
-        </listitem>
-      </itemizedlist>
-      <para>The following router information is displayed:</para>
-      <itemizedlist>
-        <listitem>
-          <para>Private Gateways</para>
-        </listitem>
-        <listitem>
-          <para>Public IP Addresses</para>
-        </listitem>
-        <listitem>
-          <para>Site-to-Site VPNs</para>
-        </listitem>
-        <listitem>
-          <para>Network ACL Lists</para>
-        </listitem>
-      </itemizedlist>
-    </listitem>
-    <listitem>
-      <para>Select Network ACL Lists.</para>
-      <para>The following default rules are displayed in the Network ACLs page: default_allow,
-        default_deny.</para>
-    </listitem>
-    <listitem>
-      <para>Click Add ACL Lists, and specify the following:</para>
-      <itemizedlist>
-        <listitem>
-          <para><emphasis role="bold">ACL List Name</emphasis>: A name for the ACL list.</para>
-        </listitem>
-        <listitem>
-          <para><emphasis role="bold">Description</emphasis>: A short description of the ACL list
-            that can be displayed to users.</para>
-        </listitem>
-      </itemizedlist>
-    </listitem>
-    <listitem>
-      <para>Select the ACL list.</para>
-    </listitem>
-    <listitem>
-      <para>Select the ACL List Rules tab.</para>
-      <para>To add an ACL rule, fill in the following fields to specify what kind of network traffic
-        is allowed in the VPC. </para>
-      <itemizedlist>
-        <listitem>
-          <para><emphasis role="bold">CIDR</emphasis>: The CIDR acts as the Source CIDR for the
-            Ingress rules, and Destination CIDR for the Egress rules. To accept traffic only from or
-            to the IP addresses within a particular address block, enter a CIDR or a comma-separated
-            list of CIDRs. The CIDR is the base IP address of the incoming traffic. For example,
-            192.168.0.0/22. To allow all CIDRs, set to 0.0.0.0/0.</para>
-        </listitem>
-        <listitem>
-          <para><emphasis role="bold">Protocol</emphasis>: The networking protocol that sources use
-            to send traffic to the tier. The TCP and UDP protocols are typically used for data
-            exchange and end-user communications. The ICMP protocol is typically used to send error
-            messages or network monitoring data. All supports all the traffic. Other option is
-            Protocol Number.</para>
-        </listitem>
-        <listitem>
-          <para><emphasis role="bold">Start Port</emphasis>, <emphasis role="bold">End
-              Port</emphasis> (TCP, UDP only): A range of listening ports that are the destination
-            for the incoming traffic. If you are opening a single port, use the same number in both
-            fields.</para>
-        </listitem>
-        <listitem>
-          <para><emphasis role="bold">Protocol Number</emphasis>: The protocol number associated
-            with IPv4 or IPv6. For more information, see <ulink
-              url="http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xml">Protocol
-              Numbers</ulink>.</para>
-        </listitem>
-        <listitem>
-          <para><emphasis role="bold">ICMP Type</emphasis>, <emphasis role="bold">ICMP
-              Code</emphasis> (ICMP only): The type of message and error code that will be
-            sent.</para>
-        </listitem>
-        <listitem>
-          <para><emphasis role="bold">Action</emphasis>: What action to be taken. </para>
-        </listitem>
-      </itemizedlist>
-    </listitem>
-    <listitem>
-      <para>Click Add. The ACL rule is added.</para>
-      <para>You can edit the tags assigned to the ACL rules and delete the ACL rules you have
-        created. Click the appropriate button in the Details tab.</para>
-    </listitem>
-  </orderedlist>
+  <section id="acl-list">
+    <title>Creating ACL Lists</title>
+    <orderedlist>
+      <listitem>
+        <para>Log in to the &PRODUCT; UI as an administrator or end user.</para>
+      </listitem>
+      <listitem>
+        <para>In the left navigation, choose Network.</para>
+      </listitem>
+      <listitem>
+        <para>In the Select view, select VPC.</para>
+        <para>All the VPCs that you have created for the account is listed in the page.</para>
+      </listitem>
+      <listitem>
+        <para>Click the Configure button of the VPC.</para>
+        <para>For each tier, the following options are displayed:</para>
+        <itemizedlist>
+          <listitem>
+            <para>Internal LB</para>
+          </listitem>
+          <listitem>
+            <para>Public LB IP</para>
+          </listitem>
+          <listitem>
+            <para>Static NAT</para>
+          </listitem>
+          <listitem>
+            <para>Virtual Machines</para>
+          </listitem>
+          <listitem>
+            <para>CIDR</para>
+          </listitem>
+        </itemizedlist>
+        <para>The following router information is displayed:</para>
+        <itemizedlist>
+          <listitem>
+            <para>Private Gateways</para>
+          </listitem>
+          <listitem>
+            <para>Public IP Addresses</para>
+          </listitem>
+          <listitem>
+            <para>Site-to-Site VPNs</para>
+          </listitem>
+          <listitem>
+            <para>Network ACL Lists</para>
+          </listitem>
+        </itemizedlist>
+      </listitem>
+      <listitem>
+        <para>Select Network ACL Lists.</para>
+        <para>The following default rules are displayed in the Network ACLs page: default_allow,
+          default_deny.</para>
+      </listitem>
+      <listitem>
+        <para>Click Add ACL Lists, and specify the following:</para>
+        <itemizedlist>
+          <listitem>
+            <para><emphasis role="bold">ACL List Name</emphasis>: A name for the ACL list.</para>
+          </listitem>
+          <listitem>
+            <para><emphasis role="bold">Description</emphasis>: A short description of the ACL list
+              that can be displayed to users.</para>
+          </listitem>
+        </itemizedlist>
+      </listitem>
+    </orderedlist>
+  </section>
+  <section id="add-acl-rule">
+    <title>Creating an ACL Rule</title>
+    <orderedlist>
+      <listitem>
+        <para>Log in to the &PRODUCT; UI as an administrator or end user.</para>
+      </listitem>
+      <listitem>
+        <para>In the left navigation, choose Network.</para>
+      </listitem>
+      <listitem>
+        <para>In the Select view, select VPC.</para>
+        <para>All the VPCs that you have created for the account is listed in the page.</para>
+      </listitem>
+      <listitem>
+        <para>Click the Configure button of the VPC.</para>
+      </listitem>
+      <listitem>
+        <para>Select Network ACL Lists.</para>
+        <para>In addition to the custom ACL lists you have created, the following default rules are
+          displayed in the Network ACLs page: default_allow, default_deny.</para>
+      </listitem>
+      <listitem>
+        <para>Select the desired ACL list.</para>
+      </listitem>
+      <listitem>
+        <para>Select the ACL List Rules tab.</para>
+        <para>To add an ACL rule, fill in the following fields to specify what kind of network
+          traffic is allowed in the VPC. </para>
+        <itemizedlist>
+          <listitem>
+            <para><emphasis role="bold">CIDR</emphasis>: The CIDR acts as the Source CIDR for the
+              Ingress rules, and Destination CIDR for the Egress rules. To accept traffic only from
+              or to the IP addresses within a particular address block, enter a CIDR or a
+              comma-separated list of CIDRs. The CIDR is the base IP address of the incoming
+              traffic. For example, 192.168.0.0/22. To allow all CIDRs, set to 0.0.0.0/0.</para>
+          </listitem>
+          <listitem>
+            <para><emphasis role="bold">Protocol</emphasis>: The networking protocol that sources
+              use to send traffic to the tier. The TCP and UDP protocols are typically used for data
+              exchange and end-user communications. The ICMP protocol is typically used to send
+              error messages or network monitoring data. All supports all the traffic. Other option
+              is Protocol Number.</para>
+          </listitem>
+          <listitem>
+            <para><emphasis role="bold">Start Port</emphasis>, <emphasis role="bold">End
+                Port</emphasis> (TCP, UDP only): A range of listening ports that are the destination
+              for the incoming traffic. If you are opening a single port, use the same number in
+              both fields.</para>
+          </listitem>
+          <listitem>
+            <para><emphasis role="bold">Protocol Number</emphasis>: The protocol number associated
+              with IPv4 or IPv6. For more information, see <ulink
+                url="http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xml">Protocol
+                Numbers</ulink>.</para>
+          </listitem>
+          <listitem>
+            <para><emphasis role="bold">ICMP Type</emphasis>, <emphasis role="bold">ICMP
+                Code</emphasis> (ICMP only): The type of message and error code that will be
+              sent.</para>
+          </listitem>
+          <listitem>
+            <para><emphasis role="bold">Action</emphasis>: What action to be taken. </para>
+          </listitem>
+        </itemizedlist>
+      </listitem>
+      <listitem>
+        <para>Click Add. The ACL rule is added.</para>
+        <para>You can edit the tags assigned to the ACL rules and delete the ACL rules you have
+          created. Click the appropriate button in the Details tab.</para>
+      </listitem>
+    </orderedlist>
+  </section>
+  <section id="create-acl-tier">
+    <title>Assigning a Custom ACL List to a Tier</title>
+    <orderedlist>
+      <listitem>
+        <para>Create a VPC.</para>
+      </listitem>
+      <listitem>
+        <para>Create a custom ACL list.</para>
+      </listitem>
+      <listitem>
+        <para>Add ACL rules to the ACL list.</para>
+      </listitem>
+      <listitem>
+        <para>Create a tier in the VPC.</para>
+        <para>Select the desired ACL list while creating a tier.</para>
+      </listitem>
+      <listitem><para>Click OK.</para></listitem>
+    </orderedlist>
+  </section>
+  <section id="assign-acl-tier">
+    <title>Assigning a Custom ACL List to a Tier</title>
+    <orderedlist>
+      <listitem>
+        <para>Create a VPC.</para>
+      </listitem>
+      <listitem>
+        <para>Create a tier in the VPC.</para>
+      </listitem>
+      <listitem>
+        <para>Associate the tier with the default ACL rule.</para>
+      </listitem>
+      <listitem>
+        <para>Create a custom ACL list.</para>
+      </listitem>
+      <listitem>
+        <para>Add ACL rules to the ACL list.</para>
+      </listitem>
+      <listitem>
+        <para>Select the tier for which you want to assign the custom ACL.</para>
+      </listitem>
+      <listitem><para>Click the Replace ACL List icon.<inlinemediaobject>
+        <imageobject>
+          <imagedata fileref="./images/replace-acl-icon.png"/>
+        </imageobject>
+        <textobject>
+              <phrase>replace-acl-icon.png: button to replace an ACL list</phrase>
+            </textobject>
+      </inlinemediaobject></para>
+      <para>The Replace ACL List dialog is displayed.</para></listitem>
+      <listitem><para>Select the desired ACL list.</para></listitem>
+      <listitem><para>Click OK.</para></listitem>
+    </orderedlist>
+  </section>
 </section>
diff --git a/docs/en-US/images/replace-acl-icon.png b/docs/en-US/images/replace-acl-icon.png
new file mode 100644
index 0000000000000000000000000000000000000000..6a15d4565dd568f65e5ddd186e2ff11eb50b8bc5
GIT binary patch
literal 930
zcmV;T16}-yP)<h;3K|Lk000e1NJLTq0012T000^Y0ssI2#Pq=600001b5ch_0Itp)
z=>Px#1ZP1_K>z@;j|==^1poj532;bRa{vGi!vFvd!vV){sAK>D12;)TK~zXfwUv!e
z5@8(2?~iNc*2*kj@f8%sFcp;-UqCaRr8b%7EUT@wQbd6R<hbKS5b1bF#Fq>aMG$rN
zKlH=fSi3vRP1?R=yU+7{KliZv9U!UG%>M`y3`f-{cKdvsS1G4wE%x<fDh&rk&MtoK
zC(?OIcqgVY5;`NE^=8g5f5cDnn0XZ%*o-2Xv&+4MWFA8}JVxAsoMtX|e;(yA_Kg6F
zts&{t^X>h^zo)pQ{9eKRJ9i7_7S#XTYy+>^g{0Ew(Y-h=yoRRA>blZ04#hjWq|GgD
zJig$|!V+8pui#YIaO;^xAU0P(kGqhQ)LCRFMoVdV<>>gt)bv}5_s9o&6@wjO+0wEO
zE`h)M@Tr_r%`5`3toyUxWa@Ntd!H6KFX;^)Bu*$UmiAEI6`cVtfkQ-{VrCJD#p%s@
zkCW-p)*daj+y=dg$U#X@Umtk8WLngegMyY;W)TSP@Sv187}=$zx~^Vt!~v>SP}MTp
zCF!QTQ!}%3-<F(iA1v_&LS_*NzD8!B+tG0<5Z<N*yr=;KI5w^<<5abGNaX!5B;9g&
zbag!bnv;Yjev^<{1Y)+iQEVNFA0CtbFfHKK=!^iPyZdiuW@Wwoih&_Ga(A!7P5QjS
z2rTiNo-&I-jD!=#97ycoaD(*G0^Vf}O2N?P*0^#~4&MGjGhy}kLlg%uvj{|w*-=y0
z8{Z(kv|M?06m)xh9-n`3XyohSQXm}3?Y#2Ri$L_4RcEpzu~^*o-Al{WbHj3w^ae<e
zKM;!ixvjBT$SeXuO;+uyjon+z<HG@mM@9`MoGO#PV9uhPnjU+t<nkI=y}DJ4)@Wt-
z!VE!5$~pCX0epRxTBA~Hsn4O2SA|7SV8G$t*LVqy!NTqpwu+=Z3Q?D|zOlKuwBljm
z;|GOBkVi$uRW;m}whov%fv}a`Ys57uevS8;2nGvg045Axhc=OzN_(e7EX%%ois!>{
z@9VrPsF~fHI8NRqtX{1F)95jFFKgk3aB&$mTVa0L=In+F<~EG5k11zj2Z_9S37Zps
zq{b$uNnaqHIYV&5_Humk_L+JAS*<lBj*^-43;3V^4YBr<iverzD*ylh07*qoM6N<$
Ef=sWwUH||9

literal 0
HcmV?d00001

diff --git a/docs/en-US/images/replace-acl-list.png b/docs/en-US/images/replace-acl-list.png
new file mode 100644
index 0000000000000000000000000000000000000000..33750173b18133d1e0a4009e765e7f8da75ec7cb
GIT binary patch
literal 7706
zcmY*;2Q*wy^#AU%$m+d@L?l)$k%&(85~8=&Vi6%~wCJpe=p|}I30AMGcUH6@h~7n3
zT{Vc_{+sXb{Lk<F-Z}5RnR92}%>CTCb3gY@xR!=8IfMlQ0079Jt0?FI0KhnWIg12@
zf0q3$dyjts-E@@Y0Odn$IDCcBMpj)G0H};5y|e)1>$l#j7`Xue6rKNWV6SuGD*)hj
z#d8H&J+GHL8QyQ{rZRfzPi?BtxM#)<;#GBKww)Xu9ajsxG+IpP3xwZc0c&&{*wG*j
zLXx{ia(6IHXn`K#H31?MkX0~Ol&l;ThA9dxcZb4lgWYALEsjc#X1YV-!goPXN=kY7
z@81{oO*U=1?JP<azb=k^f8kD2fB9aWQ`1nhv$HcW2wU|;{rri`&d$~?&{%fZOyp@%
zN1gN~gh=mq7zObpaBF5heKXn>PHXP>X}kLt?Sm)|>416BQG@)!&(EZuaDGFL)XSSQ
zkU<FJLDUu&45XB?WR$THQR&RgViFJShDwb_+}65!y1IJ1??2$;;^r>M&;6h^P*l&w
zokzzZ-c-`CJ$T#Ke6Eg_2%H6=V^Rc@D11O&<@GWY<O#kWOiM|Oi<86TOc!q~eYzZt
z;Jc6xl?6fpVD~&gHg37IcfGskK~FC?_x%t*Ez>Wpt9QsCGC*jS3HX>@G+w~@rK_do
z_b(^0Ej4F=|1TlYRZDJB5Hz}*ns(fY9}@`@H$)6)58LW7#qYnS{-0)U;Kj=gFA$K|
zfB7X7zKNF1I^<Qm*^3j1{HU-WNiawY0NF4H5|t`$c@9+0Y*AbWc&s{$)aKvbo%P5&
zX(-xrj`lxG@nuYYceNQkX=7lh&~6Otr98mT4ggN%k>OR5XDA&wv3=CydP)39<k6Xl
zp^@${i?LSCO&{r|#lzpVyRr5@YOH%nU(Oj4J+2Om*TPE%B%9=j@cpxpPr&dGLV<%C
zC&IYZc#euUMkXV*C3OW^`4_FM8C%1(d=DEleEuAN5iHw#xs|IRp6Hvu6<U&3(CUXl
z$-lzu1Asuakc#lWN6wyB;U#r}f!1!=%3}{h@hP)ixNnjF#M$J0LYcM51?8`e;fogk
zvzcU%lvx~=b(q-bbz~Cbg2W5sM#se}br&(`@Ms<Ag1>Bva*>|j?p%L=zhuTZPZv4$
zl(|OI{HgmGn^>l`Fk~hRNllNysG2rTL`${jY}e13=<v?2eRX{P%uNJ0o-w^#U!^fG
z<W@0Af7>lq_<m+n!r!xnMAzh<6cgi~GSQ75i}_Izx#eoPWpnHzpYS~~?(;nITa9T8
zhCOFcZ&FPojlD&N#MH0F3iOdGW;iXWXBowVBC@7|V*2s@wDsGA-@%W@ng=%b^Ny1;
zl8wAy1%rV300M){gZhQ(VOQtt#$50I0#EM51)uW5-;~XE*EZ{e8{d@J;T7q&-fIi2
zfzZOUv9|MDp=r>$8+P04llc-SHYJ<PCb1tW46RDL3|wnnuUa+0>#Ghqlq0FE-!}-Z
z`nY>uJLhIaNps~Y+blW=#f~RA#65&+Fse58ZELwb)X|cbqjxMp>%~5j5V7+2>Q8#7
zP5O}~Mu+n@mQ{4#y&pv~<c)Q;n;neZ>|b;(7xvD~xaRR@f098Z(seZziqg6hM;8_z
zb1VCoBM+%b)3Uip%`>xi7r4=U^PMu^wyd=f$B97i3ngQ1+F$x2{*y|9*Vgt&r|)OY
z{oradna}(#xVMaRs_IqG(yKolH60flDl%(K#e5FkR9%C43klmVZ+CCW(N^boTgQzM
zpC{0)zg|(-{2pVBj=<|QY~-4O)b~}X%9_sBQr(0Nd8}Qgg?{9q4ti#4StMBUVx;VD
zb>s4=Qk#myq&iW>5bsFp))^5+>NAgfrF!fKlJ{JAS|tqAXyljGoXI|Eg+eJazDEbL
zy$1n{@TPH}B;vU^9QD_9biTm#MoaS)U;G|oO&Sc=$o_QycL$1F+UrEz8ug=naa8=7
zZ++shQKY5-!pxL+NMOsd!h5>LW`A}Dw^e8|Npg4kPsZgbOf|jslqCqa*7)EX;mM{H
zpK66v!@GAqP0Sa}3Lgx&#0=uZU^U4sZMt#k@?v>ISgrNO)Cxtj4WYE=VYUXrSL{V+
zEA*<_l76(%QR?-tCLY5M0eU6}Uj|SVnRy3)244+6H%}Q>d^f+PeRQ2}gyVLoayMJI
z2L*#<^8f^s=~0qAzQS9}(mPH!L!q@d4bA5qb%91B4{wzQ^=h`Y?x^)ErQVzdT(}us
z<oYS`iEFgBmbog9=S;j;)H~K9spj6HzuwSV*1rC^+d~bSA>KYrp~HP1lrqn4SIv~R
z^?N1knNgWbt7<T;(XR1W<D%O`Fg0PqMx3WQu46vH;wU{T0Tv^e@j2tVc-)9>^F_Ia
zhn98Bpz2K`;<28&98V(mCT*tq%2<fI!Fulk32#!U{ewfv1QLy`7iN9#h@abe9|!ig
z*K$P(!BORSg-W~a^R{Pxe7of<-rijBdV6Tg>R00z{l%(f<CB;Yvpk{kkm;@MouJ!>
zP0;<F5;LoMvup?HS;HICfL^y$U%Za_>?jxYt(h90$C2E<u*|16BP*XH9i}J#)Tc&H
zDj3ACmk;O6X!Cc<#yFL5>N2A@2=)w46D|aF4j-!(V5tucHKGR);Nf?V5qag<+oQxT
z{<%Y(L-LE?PJRX0vKKA3OFr?KC?|^WY<i|?#IHBnQJ|H~^8NA2XI6{61CqhizB?0c
z5%#3DVYA&syq(o)30NvRfhG_cT$|K9xyt3uT;}XNgGW`Wt<bxH)yHZ4G2W;HlL~#w
z<|_zg=^626dy=QqkF+HBuqRq|4Z|ka_EuY6HR?LgI(1_f-)6e+wa_#o=;?nqES=^I
zX$sC0=5Jm#wwNs58gwJY=}E%8&&C^yg-zaI)%e{+9cGg(dA>8Ih(|UI{XTU2Rf38u
z-EZBf>HEQ?A6}iv9?%vVoRXngETgaq@nPItQ-T*s=DcR7B|<u`yXANBTdddC%|_e&
zbDvTG0fUDi4{2Kadj^YEx7L&1v#DO!8kXv8%O54H!@FqE7UJr&$EwxKiY$365&bK_
zsc7{S-@uyfeAcgm@%_+mIT|Y7g|wM#Jx&F*DWf*3Ja^j2gc!IgQGOrMiPnFg-NU(-
zcsDdbBZqq=nC+m|xs2-{?&}gAThgU{m1xaLYgF&2mY{2So}pMMd>CizVjDVap(~3W
zW$u1zB&=ihsz}g$7#D86w`U?(OTW3MO<3G6&z>zNr{7q~*ZQ#}(rv}-otq9`7bQa^
zkQe5i%6c&vFR$I5;cSLGUrbiB3OCpqrpdmBzn!45ND>l2lu1jx>pbIVar54)-F?I1
zamn909o>nWFDtKeGxE!1elAuZA^Lj6E<cxz{b|9PwMOhPCu-F=!D_UC`?Y3l`?wrX
z<BU@^`|q2>;%Sn~_j!VG^sg)5cjo(*-&swC4}JWwqPzWbO&tr9tHs4|i4<->Sh*E0
z2uBFHS~;^UFl5R8>THttvxXhb+vo5Ef*${p`SJ%#X#~5QW^8l#=o7b|t%jwr(ERK)
z4THucN1b=w$=Wq*mo}7203v{R%%(E8(nT+Ax=__vY_l~nbTjSZ;jlPUsZdyJ(^LA}
zVTT#N`v#^4?kw1wIqMz&qzxIPah(@UXBciW-)ekuSJM_G8#+m1n$GZ*`3nXvBRe@X
zL;4{8@ov;Stcogv$=!8VPF4Cj?RKa7*)5|nY`AHs2&tevb8yocidNcg#fi}smwq_u
zn%q|XZhBsu{!83_4~A@2y@X*B)NTD^a<LySo3sYQobT56Ep~wK#H$(^8y=YET$TpO
z=g6CWd_EFcnE1VYOHvn``=v7+akRZOcqI~s4^Rj?1m=tIqp?=0+CQipzt*GHN4^ky
z-!aX_bF=Ft=XL+b?*`Xj{W3DYe$g?pJ?6Rbvu;4@CVA@MBBXi2H;u(mZlUeS^rPt9
zxZ4L-A`;aVLAd!nk(0`FT}%Edl9J%l?%22&dt-8Z$*DdK_bC@fs@s}0D%}T+@^@(&
z<h7bsTlj}L^}=~AU3kmaFP@et0<(6;>-IUz?k&5``qsVPD9mYeOABlko;`RG?lHq=
zFOPlF01?RUT9gb3{tf_x<nct0rxM4$GxesM5OuU_rYI!!qqvz=3`ObJzd2?mZ8CL`
z7UC<_q>~)9)`H)n7IUIzIVthH@m~~U@FaaP`e4wkYi>_>@#@WS$hv18pY+Jt$k8s=
z?zL~Z$2!~I>GJVppm)(_dqVvmu>}deckZL}r1NZ(a@O725Qt0=Knn@9$EJgIj<MV0
z`+~aHET2y0yd<49dt3Jp|0did+Mh2*ysp}NBy#1qA8uo5z8rfk#A)HDHyT;JrYkGr
zM9=2q^6oycWR<k9_~D;$PCNl*QUemfdKe9bEnfFGgmtaUqrQG!%V?z%j_p@%R22V@
z^`_$Y!DUpu*=)miu87aql2Vf<zIS1n|F;1lBM++MPW2zcM^U`k9&U>N7<wWP2B~O4
z_dj$x5Db7}Sn$-m6AC~uua%76RB+glfX5907!VrI!3Co5<DBeLe*2G)pBu_BpnYVY
zLJ>0Hw+ovbGK-U14CodQapN<WpqS(X(TYcqrKY5cmoh-Lfa*`Q`0w6(NVSdm7Mn(0
zVLUEoTQP?qX5jb7Gi9<|Jd1F?xf4aV5k#SdK|%;8JV+71$pEc8h38}e3(DF+zyRff
z2VJ{#Itzp_2?St3g7N&?f=&Q{7MOo~NDFasXEk3c(Ozy60-)V}6>}`{(Aky(>Pxc&
zss2k^ezxO#A;|yh#RNuZlNANVp+0J1WPzsjJ`G$-K)8>s@a8|(PE8L$Q|;p6K``L~
z>GacAx|CAL$VLXzV>*X><{X7=zmALi6l^Lit_B4(I-PmIDG~V5WPn$^OG0QLu8jvt
z<(Y)DU$tB7Fx9ho4D?Mb94~#zVcEt@A;Q0?hOp*%z|IXdqg#21lY8jN*T$j^I1cw)
zu-Io!kTvID4UUG(YQ$)PK;r*q3qX?{>NB6DFbIW$u66#`7Jy`nwugaNN*$DR0_C7f
z)f3`2*5^yjv|dOM3omlZz^cPv(#+2^JrKESC8cHR2p-=`-Sjpvp*@{y2T>R@Qo<xP
ziNQ)nK!?TmPEcjM_bj#%3tT~eqIRaT_i-%~M(Y!Ybz;DD^E77&=77xJu`L|XmN-(Q
zt$pWCg$ZCl5UsRox2!p9=9_yMnI{0v3IuN$Ph=GU;OAflGoaAkRn9@M3KJb3diOFr
z42%Lk{j%pdP>4PFz+ipoAkRJZ%l>=N7v4Xi`gx1StHjzFt22u)R~FZZ(SMuY(qTqh
zzG6QxfWr*T0}lfaq7Mk*=ZfL=(xm<P(o(N24~C$`W`$KuNel>U9o_u4=JKgg@j=06
zs;bVtgr5Dn+HZ2u<c3C5To@~crEE9i@Bp*Pa;6l6w{)I<dy(y%(XBb*xwx**Fl~p!
znV`@s0?G>_CvA2$BHcdF0;r@~fRn3&#*7xypo1hf==~$&N`@KbMKdAmOdX`;_Hr7E
zEahK~Zt2U%vIibbOa&I4T-2-THbP7H3~)K$%Lt#eliy0x?oll2Z=v!5!ZAtqU@t^1
zxzr~sV}gOJLj^CL7e5Przuj%Pox)BLZ94m@X6X-~nmB1iot~7Bq=2Y<;L_dJ*q`gf
z^6rV>YoV?t-57b|kYOivRX!nazo?RdGyZI8WVhdk4+<-*cfWzkbLp0XCNBSkv(X|a
z^fPz%i;o`@v{Ts2IBsd*(AkM(*H>VVzR!==Rd7hMU2o1#x`^GcHAS8CJF(YahT%Ho
zvq2|#2}{7Z=Z)-58BGLwh@4D(Jes1fh_8&^9X^Q(QH&A}$+%4FAyz%EjE{TW_u$fz
zXTr#+PnFk-qsi+n6hp9eyhJPZIuhOXJ=x9TB3}6(;<^5a%AFEFUsH`Yhszbvk3N4-
zM|-~Kk|&YDuk;B^QRK&Z*iS1oaQCp@)ZU6gX83Vp<=s&Ks->_$uewwJjNDHHlrG7{
zRv8>%?3ld1rLEeGTyy*`G{hWK4#Yk|OTIH+cx4M4s$3+b+a+?6a0Vuq2&h8fFld4-
zZ~qz){;rF9sSC@~Tf_rUGpZoR>PVuW*#~ldCaCTTZ2=|6O0i(#McAAq6=-)1+paHy
zJF>5XWPNU$t~TC(r&o+7xFT5pWtp&xb>T?+Sa7Olrvg2cNC3k2^;aY{YT`*T5X-+%
zdvVHA6rXvddc!Q+C=ljNHS+f5_I6#aiv<78RUd5=rOF8im+{OzzvyK20oHJ!lHS3^
z;GX%8QeA0K+HV~WxRdkYtqulcUg;E(3lBRybT42P(FI#qh{YVZFhQ?_C^t#e>SE|w
z@3~RdR?d{P1<7*KF{kzA6nPp4cm&2JKOy`1B3VGsuR!N1&PgQh1>YO4qX8WM-II>i
z=L&E+uKU=yKiW^zx(C0zDbR95GN|0(vOn&{s;>umY#dvOtx?0-A9<WHzh{9zvEE$%
z#MMOkoiVpLC{aTh*ZGHp&pImv75rD@D^JLv1v!}xtS6S!8};MapoPme^#YxH3xTcY
z`p<WQBiVGGjUYI?uOpSsQjkX$?h_jUT91vUKc?8h<4*t2(TABrmb3+je{x1RO+@V!
zS*@3PW4AK|58S?53gVhSU^g4X(C-^avvI}`@y<Q{l(Y9Kaq?*BLL%RiuqBTYui?Y+
zu?tx2+H{%yIxQF_-4~lE5~{moB*)hb9lCEI12C}YL@ST^<Vjo=ce)n>IAJocYUs2Y
zT7NLk*qz)H4$V6jTQW}t0VZud4AZCP7A|0O1GWUPRJY-PANdH*zF3=-WmQU{8mCWe
ziYBOzEaVV9+UZj%mhkD3Y3(k}W_ITQFk$Ghv|kz+3{uj@^e%D{v)BO#dW%t_6#%m$
z%^iWxEaWwPmi>f(eNyMW*xMW!9g+7(r{IQR00P&J%K6v=Vh>uiGGB@$fCCsfMWIW?
z_$XtB>Ut#2$evNiWTF3=cyO(g$yp94%>zJyMbRr{xZ6Q_QBTTM7k)b}5Wty!o~hyE
zApv^D-7EHP)R15yurzvyOh5R9+TzTDZKYz79S~4MU@+WzA>jXT2>^Qr%b8k*sM*l!
zI8^GiI?mktI+#7)<8!FQ0)~=KUOx3BL0*SH5QWN26%%EIncyf8IDOy=_2g>rn#2*=
zbC|8q4~wwQ1h9<)|FeJY2*XTOKmhQti``~|WGNRyjS=EZOJM@^<*XpJNu!>O1mfs;
zArz+zjK$DMAFbitB#so%AjS=mX`MP5T$kdo3C&<#s4nIndVXPT`9U?D2%vVg8-eC!
z3Ys8rpXFVm`L|?$Sj@zARrU#o-UlUX^^evHgn}c^^n(zD$yEXh7dl^pCcJ+`Wg}jG
zgC!mMcNV1Y($HkHsXl%Uga_=DhoNf-4UmsU#?LHyMJ9Az@+6vg>Hd^}X3ILCI0Xu8
z4JPrqfzecrOo~7NsS8J4N{6L;Cp7Ce8vRz!3fyE}p_>;8m^+dK%0sgj#9`6Ryc*o*
zc+{!<>65td1}k;9;awPE&O+X$1E2vgyuge;=@rD5xOCC?#3C0EJ^nX8*y=;x_DzbR
z0c3#+;)MdFxf`|<cPsRMuzkytE{9)*$s%S%-pabb$LR5kopodgvE|=lq!jw$q1>sV
zf(3Wr8wihg(zn`&xkgoDDJ+8nEbA0{;2NWU20HI>uBT3R%<X+<bVtdn3j5+T?5;(Y
zoSfzk2<@jB{#x_0h%u*$Ao=!3LeWYuRXQgZ!>7o+f|%Qd9wQWRsgrYyb3F_#8YZt0
z?vj&a3NZMuFLsxvSc68GYkcXcXvh<=Byiwya#b@j1VM@!)$OGiZvw!J$Bda3YGA7n
z__wI$F!^uFBMuBA_lBv})0qkvz&k9CcyItEzux3YSW&i?eo88lK*o69;_ISGV%bq+
zU8hv|Cm&#j2YKb8)PdOmBp3mN14ojAQPjpDQq7&BJQ+jHUyTum$}#K<6&oR;UxQKA
z#B#i~-pN$4YlWwm2*Z=ss;a63L7VcIZKnQLO&|g^D4Um9nN{hxk=#D5%%&81?sk#*
zz2xH3mbcke2ghY55#$(1%n&<C**ISJ)++%aIw&7stILk@;9%N6*@tpAHb;cK+|l#*
zA*hEMJ7YEa>K?U^))?S9y+mdnw+0S~EM}5>otBr+b((7tPKGr;rMI3iX#x4T7h1P!
z7B(MYJYS}ZJ>))eiG~78>Y8R54}oy@w`)1drz&h5k*w&*oPJC2Us4!Hv&$bk8%%N0
zes>~)nry?$Jr_S%%%byKJS=<IXSZGBkotzY%aM(MWJl6c$vKTD6s%T8lbt40U2~Id
zCR5)dUDilgyf17T_i-DhEukr$%L<eCFBU_CiS`zNaDM<Prq~6P?0CXNp?XP}R1#h3
z@Fs`cW?H#COajq26Vp?s*{53_&bQw|;$y^mC$N|gaN#5K^cDs}h?tlfKedd(R7EP3
z1~$wy4IIV&)Tdt0PWSA5&i%E#_hXI&Tl&L8P6#jQz3saUR8k@;tUv^q5N&6_<u5>t
zm~n2t^B`ob2VUN5J-L(QAB{d$dG0l%?D*bIqD4G+^lR6{{<|&2Z=@+dzqbG9C;#k_
zC06>eN!<L$1<8QV)m(@eR%+?$F;@*iK?*fPJ+=Q!i@VY+uUri7D)Y6Fl>_SE>UqS!
z-9r0ZAnc$r7`xJv!|s-h&MI~4Z~~T*@j8#$0So>Y)52<t*G3e&aEe1qr*$;Ef=e~r
zrlRyK`JzQ|>-qdQ?TP0gL=p5cfq{Q3rNIi8KidP=qxfLx#y>`=JAiZ12Nm-m8upjw
zqkA1mZ&8^0ycH{zE3J0AW{R#MHY)iB*ZU;BMwD@vfY3Kk#P0$KyAQ=3XYNBHzF*$A
zz}VSpIdwC8J?;H-C2Gq8K=1&QUnHtnA3ka!f#>%qt=4g1AYXQ!E<b|cu0gBj{ik7)
zE-sw}1G@%US5mUeo&q(Pc8D!W>4=xGRw(J%)yw-J16?bWtNe%6U;JQayN6i|RYdKc
zdZH`zcMuCtQvJ}ek3;ibGX^^cKE%h1Z{J4d)YaRVkgLP|U~_!y+h|(~lKhV#It!jf
z`@~0ue)U97{ttZn0#$~axm`clb5Qb^gaemP^X>JcHCC1q$~s4vo_2UcK$97B_5P1J
zkgHP4rqTo(mAzhpoU#0$I*|BX4ko?G7|a{m{K3=D7oWtue|rn_<j#Y?y4K`-G(PRq
zG>CW<KoRb_H^1LahUPHH{99)_o+?T*8XSz3s#KsnM(^eW%Fc0lh2dF9B}_y|^@rkp
zV=w~eBn@*aO1^MxEFH6zTiBrjzXX%~eF|b=4@jov<r$F2*tPjiF&+lg6Q!iR5>t=6
zXlRY{oO5jqXc;+x-Swis)AHmHqvK2ONyZ7Y7Kqo4Ku(O#Z%5+Xq+!hq*3%0r76UA?
zbFN~R5vG0Z(acaY34yuaY!*epM*y{50vT75)ws}WbGatP>Dkeo>6Tb@X@=~?6<Sgm
zt}*d8y%bx&OHctKemP5a%gSmQ&5>;Uqv`E$?AhVEiN6=l9Y6VKMh;kGdT0EiT~D1=
zv=?hT23IRPPveNBSH^7awi4^g2Mz7AL#p`o^@UPjIF^+`UQ}FI%+#qQxALWo?Z`M;
z@Yb=AGj+Laq4l_*o3bJE^834B5!ErbC6o@0ATNV1Z7K5S2tMkY%GUrVTfFzf(0VsU
zT9*T~7!0Ta6lur;<bC!mXbru~JQW7+DQoHdf+xv(vy=l^hRzP89D_(`o{!B76_u{s
zX5)lih!aelE;|xH1dhr<?lHC~Q-+5>2P6jst?pmQ6G5r;AYAtgrjdC)aur!Rw9&We
z@tJE(#P;mhnvU_r_$M6H44klk349i&(yDiCbX3lGPP``c{t(H(bHca^853U{4UM7r
z?nwEA!^39Z-H!i$9W?19rpgx-N}~S$jhm@{O~1mZm7X`(^k33WSO%gq*_o}49I@+*
z{}B}xH}m(45bxv1`#-beXPeHmCcxyO_=7$}$kV4^VmPEL{brs(O1+F*6I0J_rcsn^
UV^o>*0Q~h_QA43z4)Ol~0dWDLRsaA1

literal 0
HcmV?d00001