It can't be asked to read from a file?

acl aclname dst "subnets_file"

with subnets_file having entries like:

192.0.2.192/27
...
...
...

Won't this work?

Regards

On Tue, Oct 15, 2013 at 1:45 PM, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote:
> On 15/10/2013 8:28 p.m., Sachin Gupta wrote:
>>
>> Thanks Amos.
>>
>> For handling subnets, do I need to create a separate ACL? Or can it be
>> clubbed in the list of IPs?
>>
>> acl aclname dst [-n] ip-address/mask
>> OR
>>
>> acl aclname dst "subnets_file"
>
>
> The format is start-finish/mask. With finish and mask both being optional.
> So...
>
> acl foo dst 192.0.2.1
> acl foo dst 192.0.2.20-192.0.2.24
> acl foo dst 192.0.2.128-192.0.2.192/25
> acl foo dst 192.0.2.192/27
>
> are all valid entries. As are any IPv6 addresses in the same format.
>
>
>> The documentation http://www.squid-cache.org/Doc/config/acl/ mentions
>> that this is a slow acl.
>> How does this work actually? Is it so that for each request, a dns
>> query is done and matched against this acl?
>
>
> Yes. Exactly that reason.
>
> Amos
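
A lint for such an entries file, as an added example that is not part of the original thread and not Squid's own code: it parses each line in the start-finish/mask format described above and reports malformed entries before the file is loaded. The names `parse_dst_entry` and `lint_acl_lines` and the sample lines are hypothetical, and skipping `#` comment lines is an assumption.

```python
import ipaddress


def parse_dst_entry(entry):
    """Parse one 'start[-finish][/mask]' entry.

    Returns (start, finish, prefixlen); finish and prefixlen are None when
    omitted. Raises ValueError on malformed input.
    """
    text = entry.strip()
    addr_part, slash, mask = text.partition("/")
    start_s, dash, finish_s = addr_part.partition("-")
    start = ipaddress.ip_address(start_s)
    finish = None
    if dash:
        finish = ipaddress.ip_address(finish_s)
        if finish.version != start.version:
            raise ValueError(f"mixed address families in {text!r}")
        if finish < start:
            raise ValueError(f"range end before start in {text!r}")
    prefixlen = None
    if slash:
        # ip_network validates the mask and normalises it to a prefix length
        net = ipaddress.ip_network(f"{start}/{mask}", strict=False)
        prefixlen = net.prefixlen
    return start, finish, prefixlen


def lint_acl_lines(lines):
    """Return (valid, errors) for the lines of an entries file."""
    valid, errors = [], []
    for lineno, line in enumerate(lines, 1):
        line = line.strip()
        if not line or line.startswith("#"):  # assumption: comments allowed
            continue
        try:
            valid.append(parse_dst_entry(line))
        except ValueError as exc:
            errors.append((lineno, line, str(exc)))
    return valid, errors


# Constructed sample: the four entries from the reply, one IPv6 entry,
# and two deliberately malformed lines.
SAMPLE = ["192.0.2.1", "192.0.2.20-192.0.2.24", "192.0.2.128-192.0.2.192/25",
          "192.0.2.192/27", "2001:db8::/32", "192.0.2.300",
          "192.0.2.24-192.0.2.20"]

if __name__ == "__main__":
    ok, bad = lint_acl_lines(SAMPLE)
    print(f"{len(ok)} valid entries")
    for lineno, line, reason in bad:
        print(f"line {lineno}: {line!r}: {reason}")
```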