[squid-users] IPv6 and syntax?
Amos Jeffries
squid3 at treenet.co.nz
Fri May 15 23:41:58 UTC 2015
On 16/05/2015 6:14 a.m., Walter H. wrote:
> Hello,
>
> is IPv6 somewhat similar to IPv4?
Somewhat, yes.
>
> e.g.
>
> I would write
>
> acl block_ipv4_range dst 84.84.84.0/24
> deny_info errorpage block_ipv4_range
> http_access deny block_ipv4_range
>
> to block any hosts within this IPv4 range
Taking a step asside, that is not quite what those rules do. They block
access from anywhere *to* the IP address range (TCP/IP packet
destination on the request messages).
If you were trying to prevent those hosts themselves from accessing
anything through the proxy you need the "src" ACL type.
>
> how would be the syntax for blocking any hosts within a specific IPv6
> subnet
> e.g. [2408:8000::]/24
FYI the [] syntax is URL format - for uses when a port may exist. So the
':' between IP:port dont get confused.
>
> should it be this?
>
> acl block_ipv6_subnet dst 2408:8000::/24
> deny_info errorpage block_ipv6_subnet
> http_access deny block_ipv6_subnet
Yes. Though the /N CIDR range is probably different. An IPv4 /24 is
equivalent to an IPv6 /52 (255 separate pieces of hardware with a
mandatory /64 each).
Amos
More information about the squid-users
mailing list