[squid-users] i need to match 2 access list into 1 access list action

--Ahmad-- ahmed.zaeem at netstream.ps
Sun Aug 6 22:06:59 UTC 2017


The game I’m looking for may be a bit complex.


Well, here is the game:


I have squid ruling on IPv6 and 1 IPv4.

So I have an IPv4 address, 1.1.1.1, which goes to the null 0 network, which means a fake route.

By that I prevent the IPv4 websites from loading.
So the above is sufficient for that:


>> acl ip1 myip 12.58.120.72
>> tcp_outgoing_address 1.1.1.1 ip1



But sometimes I want to allow the IPv4 websites, but for certain source IPs, and I can't match the src IP address with the acl “myip” so that some IPs get IPv6 websites only and others get both IPv4/IPv6.


That's why I posted the question. I’m sure, Amos, you will give me a magical solution next post :)



> On Aug 6, 2017, at 3:38 PM, Amos Jeffries <squid3 at treenet.co.nz> wrote:
> 
> On 06/08/17 22:17, --Ahmad-- wrote:
>> he folks
>> =======
>> i have acl as  :
>> acl ip1 myip 12.58.120.72
>> tcp_outgoing_address 1.1.1.1 ip1
>> but ACL above will match all src ip addresses .
> 
> No. It will only match traffic where the "myip" value is 12.58.120.72. It has nothing to do with the TCP src-IP.
> 
> 
>> the game i want is i just need to allow the from  src specific ip address to match the acl above .
>> so what i want to do is :
>> acl hhh src 12.58.70.10/32
>> and  tcp_outgoing_address 1.1.1.1 ( if the src was  12.58.70.10 matching the ip  12.58.120.72 )
> 
> Do you mean to detect traffic from the 12.58.70.10/32 going to dst-IP 12.58.120.72 ?
> 
> Or do you mean to detect traffic from the 12.58.70.10/32 going to squid-IP 12.58.120.72 ?
> 
> 
> Amos
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
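
Squid ANDs every ACL name listed on one access line, so a `src` ACL and a `myip` ACL can share a single `tcp_outgoing_address` rule. The block below is an added example, not part of the original thread and not Squid's code: a simplified Python model of that matching (AND per line, `!` negation, first matching line wins, implicit IP-version test on the outgoing address). The `!hhh` combination, the function names and the sample destination addresses are assumptions made for illustration.

```python
import ipaddress

# Constructed squid.conf fragment: ACL names and addresses are the thread's;
# combining them as "ip1 !hhh" is this example's assumption about the intent.
CONF = """
acl ip1 myip 12.58.120.72
acl hhh src 12.58.70.10/32
tcp_outgoing_address 1.1.1.1 ip1 !hhh   # null-routed address for everyone but hhh
"""

def parse(conf):
    """Return (acls, rules) for the two directives this model understands."""
    acls, rules = {}, []
    for line in conf.splitlines():
        tok = line.split("#")[0].split()
        if not tok:
            continue
        if tok[0] == "acl" and tok[2] in ("src", "myip"):
            nets = [ipaddress.ip_network(v, strict=False) for v in tok[3:]]
            acls[tok[1]] = (tok[2], nets)
        elif tok[0] == "tcp_outgoing_address":
            rules.append((ipaddress.ip_address(tok[1]), tok[2:]))
    return acls, rules

def acl_matches(acls, name, client_ip, squid_ip):
    """src tests the client address, myip tests the Squid listening address."""
    kind, nets = acls[name]
    addr = ipaddress.ip_address(client_ip if kind == "src" else squid_ip)
    return any(addr in net for net in nets)  # values inside one acl are ORed

def outgoing_address(conf, client_ip, squid_ip, dst_ip):
    """First line whose ACLs all match wins; None means the OS picks the address."""
    acls, rules = parse(conf)
    dst_version = ipaddress.ip_address(dst_ip).version
    for out_addr, names in rules:
        if out_addr.version != dst_version:  # implicit IP-version test
            continue
        if all(acl_matches(acls, n.lstrip("!"), client_ip, squid_ip)
               != n.startswith("!") for n in names):  # names on a line are ANDed
            return str(out_addr)
    return None
```

With this rule, a client other than 12.58.70.10 reaching Squid on 12.58.120.72 gets the null-routed 1.1.1.1 for IPv4 destinations only, while 12.58.70.10 and all IPv6 destinations fall through to the default outgoing address.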


