Re: [squid-users] acl [NO] bug (when peers configured)

From: Michel Santos <michel@dont-contact.us>
Date: Fri, 31 Aug 2007 09:24:22 -0300 (BRT)

Henrik Nordstrom disse na ultima mensagem:
> On fre, 2007-08-31 at 05:17 -0300, Michel Santos wrote:
>
>> looking this over means that when the IP address of any 'acl peer src
>> $1'
>> match the IP range of 'acl all src ip/mask' then I do not need to
>> specify
>> an additional 'http_access deny peer we_acl' if 'http_access deny all
>> we_acl' is defined before right
>
> Probably. But I don't have a good view of your http_access rules..
>

they are exactly the same for 'all' and 'peers'

under the acl definition list come the deny for all and peer and under
them at the end the allow clauses

>
> in a src acl a network speification (ip/mask) matches all IPs in that
> network, including the network and broadcast addresses.
>
> 192.168.1.0/24 is the same as 192.168.1.0-192.168.1.255
>

really ;)

a range indicator is allowed?

or did you wrote this only for better understandings what /24 means?

> Note: 192.168.1.1/24 is an error, and read as 192.168.1.0/24 with a big
> fat warning.

but 192.168.1.1/32 is not

michel

...

****************************************************
Datacenter Matik http://datacenter.matik.com.br
E-Mail e Data Hosting Service para Profissionais.
****************************************************
Received on Fri Aug 31 2007 - 06:24:27 MDT

This archive was generated by hypermail pre-2.1.9 : Sat Sep 01 2007 - 12:00:04 MDT