Re: I guess I still don't get how to use acl's

From: Malcolm B.J. Garbutt <[email protected]>
Date: Thu, 10 Jul 1997 10:30:25 +1000 (EST)

On Wed, 9 Jul 1997, Kip DeGraaf wrote:

> Suppose I have a host who is using ICP access to me that I don't want. At
> the moment I don't want to go into a deny all mode because we are slowly
> building a little hierarchy and I don't want to have to change the acl's
> every time someone wants to test things out, but I do want to restrict this
> one host from accessing us. Below you will find our acl definitions.
> However the host still can do ICP. What did I do wrong?
>
> acl manager proto cache_object
> acl localhost src 127.0.0.1/255.255.255.255
> acl all src 0.0.0.0/0.0.0.0
> acl impolite src aaa.bbb.ccc.ddd/255.255.255.255 (ip hidden to protect the
> guilty)
> acl SSL_ports port 443 563
> acl CONNECT method CONNECT
> http_access deny manager !localhost
> http_access deny CONNECT !SSL_ports
> http_access allow all
> icp_access allow all
> icp_access deny impolite

Try putting this above the allow all. Just a guess, based on firewalling
principles.

> miss_access allow all
>

_________________________________________________________
Malcolm Garbutt
Network Operations-
MILDURA.NET MURRAY.NET

Office Ph. 03 50 212 991 Office Fax 03 50 212 932
Emergency Ph. 018 596 150

            .....Bringing the World to You......
_________________________________________________________
Received on Wed Jul 09 1997 - 16:57:01 MDT
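
Squid checks the lines of an access list from top to bottom and stops at the first line whose ACLs match, so with the ordering in the question "icp_access allow all" answers for every client before "deny impolite" is reached. The following Python sketch is an added example, not part of the original thread and not Squid code; it models that first-match evaluation for the two orderings. The address 192.0.2.50 is a constructed placeholder for the hidden host, and the function names are hypothetical.

```python
import ipaddress

def src_matcher(spec):
    """Build a matcher for one 'addr/netmask' value of a src ACL."""
    addr, _, mask = spec.partition("/")
    net = int(ipaddress.ip_address(addr))
    bits = int(ipaddress.ip_address(mask or "255.255.255.255"))
    return lambda ip: int(ipaddress.ip_address(ip)) & bits == net & bits

def parse(conf):
    """Collect src ACLs and icp_access lines, in file order."""
    acls, rules = {}, []
    for line in conf.splitlines():
        tok = line.split()
        if len(tok) >= 4 and tok[0] == "acl" and tok[2] == "src":
            acls.setdefault(tok[1], []).extend(src_matcher(s) for s in tok[3:])
        elif len(tok) >= 3 and tok[0] == "icp_access":
            rules.append((tok[1], tok[2:]))
    return acls, rules

def icp_decision(conf, client_ip):
    """Return 'allow' or 'deny' using first-match evaluation."""
    acls, rules = parse(conf)
    for action, names in rules:
        # Every ACL named on a line must match; a leading "!" negates it.
        if all(any(m(client_ip) for m in acls[n.lstrip("!")]) != n.startswith("!")
               for n in names):
            return action  # first matching line wins, later lines are skipped
    # No line matched: the opposite of the last line's action
    # (an empty list is treated as deny here, an assumption of this example).
    return "allow" if rules and rules[-1][0] == "deny" else "deny"

# Constructed sample config; 192.0.2.50 stands in for the hidden address.
ACLS = ("acl all src 0.0.0.0/0.0.0.0\n"
        "acl impolite src 192.0.2.50/255.255.255.255\n")
AS_POSTED = ACLS + "icp_access allow all\nicp_access deny impolite\n"
REORDERED = ACLS + "icp_access deny impolite\nicp_access allow all\n"

if __name__ == "__main__":
    for label, conf in (("as posted", AS_POSTED), ("reordered", REORDERED)):
        print(label, "->", icp_decision(conf, "192.0.2.50"))
```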
