linux-admin.vger.kernel.org archive mirror
* squid acls
@ 2005-04-20 16:43 Luca Ferrari
  2005-04-20 19:25 ` Richard Nairn
  0 siblings, 1 reply; 4+ messages in thread
From: Luca Ferrari @ 2005-04-20 16:43 UTC (permalink / raw)
  To: linux-admin

Hi,
I'd like to know if it is possible to enforce a squid acl to check, at the 
same time, the couple IP and MAC address; I mean to verify that a request 
comes from a couple ip and mac specified. Has anybody already done it?

Luca
-- 
Luca Ferrari,
fluca1978@infinito.it


* Re: squid acls
  2005-04-20 16:43 squid acls Luca Ferrari
@ 2005-04-20 19:25 ` Richard Nairn
  2005-04-21  7:11   ` Luca Ferrari
  0 siblings, 1 reply; 4+ messages in thread
From: Richard Nairn @ 2005-04-20 19:25 UTC (permalink / raw)
  To: fluca1978, linux-admin

Hi Luca

It can be done. The FAQ says so...

The access control has the "arp" keyword. According to the FAQ you have to  
have compiled squid with the --enable-arp-acl switch to enable this.

I think you would use it such:

acl USERARP arp arp1 arp2
acl USERSRC src src1 src2
http_access allow USERARP USERSRC

Since ACL entries are or'd and ACCESS is AND'd.

On Wed, 20 Apr 2005 10:43:53 -0600, Luca Ferrari <fluca1978@infinito.it>  
wrote:

> Hi,
> I'd like to know if it is possible to enforce a squid acl to check, at the
> same time, the couple IP and MAC address; I mean to verify that a request
> comes from a couple ip and mac specified. Has anybody already done it?
>
> Luca



-- 
  |       Richard Nairn          Specializing in Linux
  |     Nairn Consulting         Web / Database Solutions
  |        Calgary, AB
  | Richard@NairnConsulting.ca


* Re: squid acls
  2005-04-20 19:25 ` Richard Nairn
@ 2005-04-21  7:11   ` Luca Ferrari
  2005-04-21  7:19     ` Adrian C.
  0 siblings, 1 reply; 4+ messages in thread
From: Luca Ferrari @ 2005-04-21  7:11 UTC (permalink / raw)
  To: linux-admin

On Wednesday 20 April 2005 21:25 Richard Nairn's cat walking on the keyboard  
wrote:

> Hi Luca
>
> It can be done. The FAQ says so...
>
> The access control has the "arp" keyword. According to the FAQ you have to
> have compiled squid with the --enable-arp-acl switch to enable this.
>
> I think you would use it such:
>
> acl USERARP arp arp1 arp2
> acl USERSRC src src1 src2
> http_access allow USERARP USERSRC
>
> Since ACL entries are or'd and ACCESS is AND'd.
>

I already do this, but this implies that a valid ip and mac in the two acls 
can connect, while I need to check if a couple ip and mac (not any 
combination of them) can connect.

Luca

-- 
Luca Ferrari,
fluca1978@infinito.it


* Re: squid acls
  2005-04-21  7:11   ` Luca Ferrari
@ 2005-04-21  7:19     ` Adrian C.
  0 siblings, 0 replies; 4+ messages in thread
From: Adrian C. @ 2005-04-21  7:19 UTC (permalink / raw)
  To: fluca1978; +Cc: linux-admin

I think it's best for you to use the INPUT chain for such filtering. Just 
match the port number for squid.

--Adrian.

Luca Ferrari wrote:

>On Wednesday 20 April 2005 21:25 Richard Nairn's cat walking on the keyboard  
>wrote:
>
>>Hi Luca
>>
>>It can be done. The FAQ says so...
>>
>>The access control has the "arp" keyword. According to the FAQ you have to
>>have compiled squid with the --enable-arp-acl switch to enable this.
>>
>>I think you would use it such:
>>
>>acl USERARP arp arp1 arp2
>>acl USERSRC src src1 src2
>>http_access allow USERARP USERSRC
>>
>>Since ACL entries are or'd and ACCESS is AND'd.
>>
>
>I already do this, but this implies that a valid ip and mac in the two acls 
>can connect, while I need to check if a couple ip and mac (not any 
>combination of them) can connect.
>
>Luca
>
>  
>
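
Added example (not part of any message in this thread, and not the posters' or the Squid project's own configuration): a shell script that turns a list of IP/MAC pairs into one Squid rule per pair, so that only the exact pair matches, and into the equivalent iptables INPUT rules on the proxy port. The sample addresses, the hostN ACL names and port 3128 are assumptions.

```sh
#!/bin/sh
# Constructed sample data: one "IP MAC" pair per line (documentation-range
# IPs, made-up MACs). The third line is deliberately malformed.
PAIRS='192.0.2.10 00:11:22:33:44:55
192.0.2.11 00:11:22:33:44:66
192.0.2.12 not-a-mac'
SQUID_PORT=3128   # assumption: Squid listens on its default port

# valid_pair IP MAC: shape check only (dotted quad, six hex octets).
valid_pair() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' &&
    printf '%s\n' "$2" | grep -Eiq '^([0-9a-f]{2}:){5}[0-9a-f]{2}$'
}

# good_pairs: print the well-formed pairs, report the rest on stderr.
good_pairs() {
    printf '%s\n' "$PAIRS" | while read -r ip mac; do
        if valid_pair "$ip" "$mac"; then
            echo "$ip $mac"
        else
            echo "skipping malformed entry: $ip $mac" >&2
        fi
    done
}

# squid_rules: a src ACL, an arp ACL and an http_access line PER HOST.
# ACLs on one http_access line are ANDed, and each ACL holds a single
# value, so host1's IP cannot be combined with host2's MAC.
squid_rules() {
    n=0
    good_pairs | while read -r ip mac; do
        n=$((n + 1))
        echo "acl host${n}_ip src $ip"
        echo "acl host${n}_mac arp $mac"
        echo "http_access allow host${n}_ip host${n}_mac"
    done
    echo "http_access deny all"
}

# iptables_rules: the same pairs enforced in the INPUT chain on Squid's port.
iptables_rules() {
    good_pairs | while read -r ip mac; do
        echo "iptables -A INPUT -p tcp --dport $SQUID_PORT -s $ip -m mac --mac-source $mac -j ACCEPT"
    done
    echo "iptables -A INPUT -p tcp --dport $SQUID_PORT -j DROP"
}

squid_rules
iptables_rules
```

Both the arp ACL and the iptables mac match only see the MAC address of clients on the same Ethernet segment as the proxy.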

