From mboxrd@z Thu Jan 1 00:00:00 1970
From: "Adrian C."
Subject: Re: squid acls
Date: Thu, 21 Apr 2005 10:19:49 +0300
Message-ID: <42675415.5050604@gmail.com>
References: <200504201843.53350.fluca1978@infinito.it> <200504210911.22672.fluca1978@infinito.it>
Mime-Version: 1.0
Content-Transfer-Encoding: 7bit
Return-path:
In-Reply-To: <200504210911.22672.fluca1978@infinito.it>
Sender: linux-admin-owner@vger.kernel.org
List-Id:
Content-Type: text/plain; charset="us-ascii"; format="flowed"
To: fluca1978@infinito.it
Cc: linux-admin@vger.kernel.org

I think it's best for you to use the INPUT chain for such filtering. Just
match the port number for squid.

--Adrian.

Luca Ferrari wrote:

>On Wednesday 20 April 2005 21:25 Richard Nairn's cat walking on the keyboard
>wrote:
>
>>Hi Luca
>>
>>It can be done. The FAQ says so...
>>
>>The access control has the "arp" keyword. According to the FAQ you have to
>>have compiled squid with the --enable-arp-acl switch to enable this.
>>
>>I think you would use it such:
>>
>>acl USERARP arp arp1 arp2
>>acl USERSRC src src1 src2
>>http_access allow USERARP USERSRC
>>
>>Since ACL entries are or'd and ACCESS is AND'd.
>>
>
>I already do this, but this implies that a valid ip and mac in the two acls
>can connect, while I need to check if a couple ip and mac (not any
>combination of them) can connect.
>
>Luca
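
The INPUT-chain filtering suggested in the message above, sketched as an added example that is not part of the original thread: one rule per (IP, MAC) pair on the squid port, so a listed IP combined with a different listed MAC does not match. Port 3128, the sample addresses, and the helper names `valid_pair` and `gen_rules` are assumptions; the script only prints the commands and applies nothing.

```shell
#!/bin/sh
# Added example: print iptables commands that admit only the listed
# (IP, MAC) pairs to the proxy port. All addresses are constructed samples.

SQUID_PORT=3128   # assumption: squid listening on its default http_port

# Constructed allow-list: one "ip mac" pair per line.
PAIRS='192.0.2.10 00:11:22:33:44:55
192.0.2.11 00:11:22:33:44:66'

valid_pair() {
    # Accept only a dotted-quad IPv4 address and a colon-separated MAC.
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    printf '%s\n' "$2" | grep -Eiq '^([0-9a-f]{2}:){5}[0-9a-f]{2}$' || return 1
}

gen_rules() {
    # $1 = newline-separated "ip mac" pairs. Prints commands, runs nothing.
    printf '%s\n' "$1" | while read -r ip mac; do
        [ -n "$ip" ] || continue
        if valid_pair "$ip" "$mac"; then
            # -s and --mac-source sit in the same rule, so both must match
            # the same packet: only the exact pair is accepted.
            echo "iptables -A INPUT -p tcp --dport $SQUID_PORT -s $ip -m mac --mac-source $mac -j ACCEPT"
        else
            echo "skipping malformed entry: $ip $mac" >&2
        fi
    done
    # Anything else aimed at the proxy port is dropped.
    echo "iptables -A INPUT -p tcp --dport $SQUID_PORT -j DROP"
}

gen_rules "$PAIRS"
```

The mac match sees only the Ethernet source address of the arriving frame, so it is meaningful only for clients on the same layer-2 segment as the proxy, and both addresses can be forged by a host on that segment.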