[squid-users] acl src question
Service MV
service.mv at gmail.com
Thu Aug 15 20:10:25 UTC 2019
Thanks Amos. The indication was useful.
Best regards
Gabriel
El vie., 9 ago. 2019 03:19, Amos Jeffries <squid3 at treenet.co.nz> escribió:
> On 9/08/19 1:57 am, Service MV wrote:
> > Hello everyone!
> >
> > I have a network 192.168.10.0/22
> > I want to let the IP ranges 192.168.12.1 to 192.168.13.254 through my
> > proxy, but not the ranges 192.168.10.1 to 192.168.11.254.
> > If I don't misunderstand the documentation
> > <http://www.squid-cache.org/Versions/v4/cfgman/acl.html>, the correct
> > way to do this would be:
> > acl mylocalnet src 192.168.12.0/24
> > acl mylocalnet src 192.168.13.0/24
> > [...]
> > http_access allow mylocalnet
> >
> > Is this right?
>
> Close. But that would include the machines with *.0 and *.255 address
> outside the range you mention wanting to match.
>
> If your needed range does not map to nice CIDR range(s) you can set the
> start and end address instead:
>
> acl mylocalnet src 192.168.12.1-192.168.13.254
>
>
>
> PS. setting the LAN range(s) you want to use the proxy is what the
> "localnet" ACL is there for. The values provided are just an example of
> standardized ranges that will let the proxy work on most networks by
> default.
> There is usually no need for a new custom name, just edit the list as
> necessary for your policy. Unless you mean something else for this
> custom ACL to be doing - in which case you might want to consider using
> a name that makes the access rules read in a more easily interpreted way.
>
> Amos
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20190815/5d7280ef/attachment.html>
More information about the squid-users
mailing list