[squid-users] acl src question

Amos Jeffries squid3 at treenet.co.nz
Fri Aug 9 06:18:53 UTC 2019


On 9/08/19 1:57 am, Service MV wrote:
> Hello everyone!
> 
> I have a network 192.168.10.0/22
> I want to let the IP ranges 192.168.12.1 to 192.168.13.254 through my
> proxy, but not the ranges 192.168.10.1 to 192.168.11.254.
> If I don't misunderstand the documentation
> <http://www.squid-cache.org/Versions/v4/cfgman/acl.html>, the correct
> way to do this would be:
> acl mylocalnet src 192.168.12.0/24
> acl mylocalnet src 192.168.13.0/24
> [...]
> http_access allow mylocalnet
> 
> Is this right?

Close. But that would include the machines with *.0 and *.255 addresses
outside the range you mention wanting to match.

If your needed range does not map to nice CIDR range(s) you can set the
start and end address instead:

 acl mylocalnet src 192.168.12.1-192.168.13.254



PS. setting the LAN range(s) you want to use the proxy is what the
"localnet" ACL is there for. The values provided are just an example of
standardized ranges that will let the proxy work on most networks by
default.
 There is usually no need for a new custom name, just edit the list as
necessary for your policy. Unless you mean something else for this
custom ACL to be doing - in which case you might want to consider using
a name that makes the access rules read in a more easily interpreted way.

Amos
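
An added example, not part of the original post and not Squid code: a small Python check that compares which client addresses the two-CIDR form and the start-end form of the "src" ACL would match. The function names are hypothetical, and the parser models only the two value forms used in this thread (CIDR and first-last), not Squid's full ACL syntax.

```python
import ipaddress


def parse_src(value):
    """Return (first, last) as integers for one `src` ACL value.

    Assumption: only 'a.b.c.d/len' and 'first-last' are handled here.
    """
    if "-" in value:
        first, last = (ipaddress.IPv4Address(p) for p in value.split("-"))
    else:
        net = ipaddress.IPv4Network(value, strict=True)
        first, last = net[0], net[-1]
    if int(first) > int(last):
        raise ValueError("range start is above range end: " + value)
    return int(first), int(last)


def covered(values):
    """Set of every address (as int) matched by a list of src values."""
    out = set()
    for v in values:
        lo, hi = parse_src(v)
        out.update(range(lo, hi + 1))
    return out


def only_in(a, b):
    """Addresses matched by ACL value list a but not by b, as sorted strings."""
    return [str(ipaddress.IPv4Address(i)) for i in sorted(covered(a) - covered(b))]


def as_cidrs(value):
    """CIDR blocks needed to express one first-last range exactly."""
    lo, hi = parse_src(value)
    blocks = ipaddress.summarize_address_range(
        ipaddress.IPv4Address(lo), ipaddress.IPv4Address(hi))
    return [str(n) for n in blocks]


# Values taken from the thread.
CIDR_ACL = ["192.168.12.0/24", "192.168.13.0/24"]
RANGE_ACL = ["192.168.12.1-192.168.13.254"]
BLOCKED = ["192.168.10.1-192.168.11.254"]

if __name__ == "__main__":
    print("extra addresses matched by the CIDR form:", only_in(CIDR_ACL, RANGE_ACL))
    print("overlap with the blocked range:", len(covered(RANGE_ACL) & covered(BLOCKED)))
    print("CIDR blocks needed for the exact range:", len(as_cidrs(RANGE_ACL[0])))
```

The range form still matches 192.168.12.255 and 192.168.13.0, since they lie between the start and end addresses; only the first and last addresses of the combined block are excluded.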

