Re: [squid-users] RE: EXTERNAL: Re: [squid-users] Help configuring acl our_network rule

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Mon, 11 Oct 2010 21:18:14 +0000

On Mon, 11 Oct 2010 07:09:57 -0400, "Bucci, David G"
<david.g.bucci_at_lmco.com> wrote:
> Just curious, is there any performance impact to doing it that way vs. a
> couple of CIDR specifications to cover the range?
>
> I wasn't aware an ACL would handle such syntax, and used multiple rules.

It reduces the number of entries tested each run. So yes there is a small
CPU savings.

There is no difference at all if an individual list entry. The full
pattern specs FWIW are "start-end/mask" with end and mask both being
optional.

Amos

>
> -----Original Message-----
> From: Amos Jeffries [mailto:squid3_at_treenet.co.nz]
> Sent: Monday, October 11, 2010 6:17 AM
> To: squid-users_at_squid-cache.org
> Subject: EXTERNAL: Re: [squid-users] Help configuring acl our_network
rule
>
> On 11/10/10 22:33, Hosting Studio Services - Domains wrote:
>> Hello everyone, I'm new here.
>>
>> I'm running Squid 2.6 STABLE 21 version on my VPS .
>>
>> I need a little help configuring my Squid.
>>
>> I am using the acl_our network parameter to manually add my ISP dynamic
>> IP address each time as I need my proxy (I'm the only one who needs it,
>> no other users involved).
>>
>> I know that my provider has IPs ranging from
>>
>> 78.134.1.1 to 78.134.130.255
>>
>> What should my acl our_network be so that that entire range of IP
>> addresses is included and accepted as valid so that I don't have to
>> manually edit the .conf file each time my dynamic IP changes?
>>
>
> acl our_networks src 78.134.1.1-78.134.130.255
>
> It's best to stick some form of authentication on it as well.
>
> Regular ISP networks are under constant scan from other users and
> infections seeking ways to transmit themselves. If you open any port
> with ISP-wide access permissions it's likely to be only a matter of
> minutes before someone or something other than you is using it.
>
> Amos
Received on Mon Oct 11 2010 - 21:18:20 MDT

This archive was generated by hypermail 2.2.0 : Tue Oct 12 2010 - 12:00:03 MDT