[squid-users] i need to match 2 access list into 1 access list action
--Ahmad--
ahmed.zaeem at netstream.ps
Sun Aug 6 22:06:59 UTC 2017
the game I’m looking for may be complex a bit .
well here is the game :
i have squid ruling on IPV6 and 1 ipv4
so i have an ipv4 1.1.1.1 address which go to null 0 network which mean a fake route .
buy that i prevent the IPV4 websites from loading .
so above is sufficient for that :
>> acl ip1 myip 12.58.120.72
>> tcp_outgoing_address 1.1.1.1 ip1
but sometimes i want to allow the IPV4 websites but for certain source of ips but i cant match the src ip address with the acl “myip” so that some ips get ipv6 websites only and other get both ipv4/ipv6
thats why i posted the question , I’m sure amos u will give me magical solution next post :)
> On Aug 6, 2017, at 3:38 PM, Amos Jeffries <squid3 at treenet.co.nz> wrote:
>
> On 06/08/17 22:17, --Ahmad-- wrote:
>> he folks
>> =======
>> i have acl as :
>> acl ip1 myip 12.58.120.72
>> tcp_outgoing_address 1.1.1.1 ip1
>> but ACL above will match all src ip addresses .
>
> No. It will only match traffic where the "myip" value is 12.58.120.72. It has nothing to do with the TCP src-IP.
>
>
>> the game i want is i just need to allow the from src specific ip address to match the acl above .
>> so what i want to do is :
>> acl hhh src 12.58.70.10/32
>> and tcp_outgoing_address 1.1.1.1 ( if the src was 12.58.70.10 matching the ip 12.58.120.72 )
>
> Do you mean to detect traffic from the 12.58.70.10/32 going to dst-IP 12.58.120.72 ?
>
> Or do you mean to detect traffic from the 12.58.70.10/32 going to squid-IP 12.58.120.72 ?
>
>
> Amos
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
More information about the squid-users
mailing list