[prev in list] [next in list] [prev in thread] [next in thread] 

List:       linux-admin
Subject:    Re: squid acls
From:       "Adrian C." <drupix () gmail ! com>
Date:       2005-04-21 7:19:49
Message-ID: 42675415.5050604 () gmail ! com
[Download RAW message or body]

I think it's best for you to use INPUT chain for such filtering. Just 
match port number for squid.

--Adrian.

Luca Ferrari wrote:

>On Wednesday 20 April 2005 21:25 Richard Nairn's cat walking on the keyboard  
>wrote:
>
>  
>
>>Hi Luca
>>
>>It can be done. The FAQ says so...
>>
>>The access control has the "arp" keyword. According the FAQ you have to
>>have compiled squid with the --enable-arp-acl switch to enable this.
>>
>>I think you would use it such:
>>
>>acl USERARP arp arp1 arp2
>>acl USERSRC src src1 src2
>>http_access allow USERARP USERSRC
>>
>>Since ACL entries are or'd and ACCESS is AND'd.
>>
>>    
>>
>
>I already do this, but this implies that a valid ip and mac in the two acls 
>can connect, while I need to check if a couple ip and mac (not any 
>combination of them) can connect.
>
>Luca
>
>  
>

-
To unsubscribe from this list: send the line "unsubscribe linux-admin" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[prev in list] [next in list] [prev in thread] [next in thread]