Fwd: problem: acl based on srcIP dstIP

From: Csaba Koller <[email protected]>
Date: Fri, 24 Mar 2000 21:07:58 +0100

From: cabcab@cd.hu <cabcab@cd.hu>
Subject: problem: acl based on srcIP dstIP

_---------- Original message text --------------

Hi wisemen,

got a weird prob. I need to set different level of
access for users based on the src IP, an dst IP.
Some of the users can http_access only one subnet, one can
see anything, etc...

I have set the following to limit the access for
the whole subnet:

acl all src 0.0.0.0/0.0.0.0
acl mostuser src 192.168.0.0/255.255.255.0

acl thesubnet dst 195.195.195.0/255.255.255.0

http_access deny !thesubnet
http_access allow mostuser
http_access deny all

But... there is one IP, who can see anything:

acl theone src 192.168.0.1/255.255.255.255

But no idea how to allow it.

Do I have to change the conception denying the "mostuser" group?

Please help!

Regards,
Csaba

_------- End of Original message text ----------
Received on Fri Mar 24 2000 - 13:10:22 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:52:23 MST