On Mon, 11 Oct 2010 07:09:57 -0400, "Bucci, David G" <david.g.bucci@xxxxxxxx> wrote: > Just curious, is there any performance impact to doing it that way vs. a > couple of CIDR specifications to cover the range? > > I wasn't aware an ACL would handle such syntax, and used multiple rules. It reduces the number of entries tested each run. So yes there is a small CPU savings. There is no difference at all if an individual list entry. The full pattern specs FWIW are "start-end/mask" with end and mask both being optional. Amos > > -----Original Message----- > From: Amos Jeffries [mailto:squid3@xxxxxxxxxxxxx] > Sent: Monday, October 11, 2010 6:17 AM > To: squid-users@xxxxxxxxxxxxxxx > Subject: EXTERNAL: Re: Help configuring acl our_network rule > > On 11/10/10 22:33, Hosting Studio Services - Domains wrote: >> Hello everyone, I'm new here. >> >> I'm running Squid 2.6 STABLE 21 version on my VPS . >> >> I need a little help configuring my Squid. >> >> I am using the acl_our network parameter to manually add my ISP dynamic >> IP address each time as I need my proxy (I'm the only one who needs it, >> no other users involved). >> >> I know that my provider has IPs ranging from >> >> 78.134.1.1 to 78.134.130.255 >> >> What should my acl our_network be so that that entire range of IP >> addresses is included and accepted as valid so that I don't have to >> manually edit the .conf file each time my dynamic IP changes? >> > > acl our_networks src 78.134.1.1-78.134.130.255 > > It's best to stick some form of authentication on it as well. > > Regular ISP networks are under constant scan from other users and > infections seeking ways to transmit themselves. If you open any port > with ISP-wide access permissions it's likely to be only a matter of > minutes before someone or something other than you is using it. > > Amos
