On 15/10/2013 8:28 p.m., Sachin Gupta wrote:
Thanks Amos.

For handling subnets, do I need to create a separate ACL? Or can it be
clubbed in the list of IPs?

acl aclname dst [-n] ip-address/mask
OR

acl aclname dst "subnets_file"

The format is start-finish/mask, with finish and mask both being optional. So...

acl foo dst 192.0.2.1
acl foo dst 192.0.2.20-192.0.2.24
acl foo dst 192.0.2.128-192.0.2.192/25
acl foo dst 192.0.2.192/27

are all valid entries. As are any IPv6 addresses in the same format.

The documentation http://www.squid-cache.org/Doc/config/acl/ mentions
that this is a slow acl.
How does this work actually? Is it so that for each request, a DNS
query is done and matched against this acl?

Yes. Exactly that reason.

Amos
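
Added example, not part of the original thread and not Squid's own code: a small linter for a `dst` subnets file that parses the `start-finish/mask` format described above and reports malformed entries before the file is loaded. The function names, the sample file contents, the restriction to prefix-length masks, and the matching model (mask applied to the candidate and to both endpoints before comparing) are assumptions made for illustration.

```python
import ipaddress

# Constructed sample file contents (documentation addresses, plus two bad lines).
SAMPLE = """192.0.2.1
192.0.2.20-192.0.2.24
192.0.2.192/27
192.0.2.24-192.0.2.20
192.0.2.0/33
"""

def parse_dst_entry(entry):
    """Split 'start[-finish][/mask]' into (start, finish, prefix_len)."""
    body, _, mask = entry.strip().partition("/")
    start_s, _, finish_s = body.partition("-")
    start = ipaddress.ip_address(start_s)
    finish = ipaddress.ip_address(finish_s) if finish_s else start
    if start.version != finish.version:
        raise ValueError(f"{entry}: mixed IPv4/IPv6 range")
    if int(finish) < int(start):
        raise ValueError(f"{entry}: finish is below start")
    prefix = int(mask) if mask else start.max_prefixlen
    if not 0 <= prefix <= start.max_prefixlen:
        raise ValueError(f"{entry}: mask /{mask} out of range")
    return start, finish, prefix

def _masked(addr, prefix):
    """Integer value of addr with the host bits below prefix cleared."""
    host_bits = addr.max_prefixlen - prefix
    return (int(addr) >> host_bits) << host_bits

def entry_matches(entry, candidate):
    """Assumed model: mask candidate and both endpoints, then compare."""
    start, finish, prefix = parse_dst_entry(entry)
    ip = ipaddress.ip_address(candidate)
    if ip.version != start.version:
        return False
    return _masked(start, prefix) <= _masked(ip, prefix) <= _masked(finish, prefix)

def lint_subnets(text):
    """Return (line_number, message) for every entry that fails to parse."""
    problems = []
    for number, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            parse_dst_entry(line)
        except ValueError as exc:
            problems.append((number, str(exc)))
    return problems
```
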
