Salve a tutti.
Vi chiedo una mano, perchè ho installato Squid, in una rete lan, e tutto funziona corretamente.
Purtroppo come spesso accade c'è sempre qualcuno che esagera, come posso bloccare solo alcuni indirizzi ip, in modo che non escano più su internet.
grazie
acl ip_block1 src 192.168.0.2/255.255.255.0
http_access deny ip_bloc1
I have tried all ... but the preferred remains SLACKWARE !
RHCE (Linux Red Hat Certified Engineer)
CNAC (Cisco Networking Academy Certified)
"Non auro, sed ferro, recuperanda est patria"
Innazitutto grazie.
Però non va!!!
xxxxxx # squid
2005/01/21 12:54:23| aclParseIpData: WARNING: Netmask masks away part of the specified IP in '192.168.0.247/255.255.255.0'
prova senza mettere la netmask
I have tried all ... but the preferred remains SLACKWARE !
RHCE (Linux Red Hat Certified Engineer)
CNAC (Cisco Networking Academy Certified)
"Non auro, sed ferro, recuperanda est patria"
ho prova ho messo li'indirizzo che voglio escludere, però questo si collega ugualmente.
Ps, l'errore non lo da più.
logicamente questa regola deve essere prima dell Http_access allow all ! cmq mi posti la conf di squid (solo la parte delle acl )
I have tried all ... but the preferred remains SLACKWARE !
RHCE (Linux Red Hat Certified Engineer)
CNAC (Cisco Networking Academy Certified)
"Non auro, sed ferro, recuperanda est patria"
Hai ragione ora provo così:
Ecco la mia conf.
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 80
acl Safe_ports port 21
acl Safe_ports port 443 563
acl Safe_ports port 70
acl Safe_ports port 210
acl Safe_ports port 1025-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl CONNECT method CONNECT
acl lan src 192.168.0.0/24
http_access allow lan
http_access allow all
acl ip_block1 src 192.168.0.89
http_access deny ip_block1
acl all src 0.0.0.0/0.0.0.0
acl ip_block1 src 192.168.0.89
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 80
acl Safe_ports port 21
acl Safe_ports port 443 563
acl Safe_ports port 70
acl Safe_ports port 210
acl Safe_ports port 1025-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl CONNECT method CONNECT
acl lan src 192.168.0.0/24
http_access deny ip_block1
http_access allow lan
http_access allow all
I have tried all ... but the preferred remains SLACKWARE !
RHCE (Linux Red Hat Certified Engineer)
CNAC (Cisco Networking Academy Certified)
"Non auro, sed ferro, recuperanda est patria"
ora verifico.
Grazie
funziona così:
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 80
acl Safe_ports port 21
acl Safe_ports port 443 563
acl Safe_ports port 70
acl Safe_ports port 210
acl Safe_ports port 1025-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl CONNECT method CONNECT
acl lan src 192.168.0.0/24
acl ip_block1 src 192.168.0.247
http_access deny ip_block1
http_access allow lan
http_access allow all
Scusate se volessi mettere un intervallo di ip, è giusto così???
acl ip_block1 src 192.168.0.247-192.168.0.252
è giusto????
Permessi di invio
Rispondi quotando