home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
PC World 2001 April
/
PCWorld_2001-04_cd.bin
/
Software
/
TemaCD
/
junkbust
/
linux
/
saclfile.ini
< prev
next >
Wrap
Text File
|
1998-10-30
|
4KB
|
103 lines
# Access Control List for the Internet Junkbuster 2.0
#
# Copyright 1997-8 Junkbusters Corp. For distribution, modification and use
# under the GNU General Public License. These files come with NO WARRANTY.
# See http://www.junkbusters.com/ht/en/gpl.html or README file for details.
#
# Access controls are included at the request of some ISPs and systems
# administrators, and are not usually needed by individual users.
# Please note the warnings in the FAQ that this proxy is not
# intended to be a substitute for a firewall or to encourage anyone
# to defer addressing basic security weaknesses.
# For details see http://www.junkbusters.com/ht/en/ijbman.html#aclfile
# For this file to have any effect, the line beginning "aclfile"
# must be commented in, with the name of this file following the word "aclfile"
# If no access file is specified, the proxy talks to anyone that connects.
# If an access file is specified, the proxy talks only to IP addresses
# permitted somewhere in this file and not denied later in this file.
#
# Summary -- if using an ACL:
#
# Client must have permission to receive service
# LAST match in ACL file wins
# Default behavior is to deny service
#
# Syntax for an entry in an Access Control List is:
#
# ACTION SRC_ADDR[/SRC_MASKLEN] [ DST_ADDR[/DST_MASKLEN] ]
#
# where the fields are
#
# ACTION = "permit" | "deny"
#
# SRC_ADDR = client hostname or dotted IP address
# SRC_MASKLEN = number of bits in the subnet mask for the source
#
# DST_ADDR = server or forwarder hostname or dotted IP address
# DST_MASKLEN = number of bits in the subnet mask for the target
#
# field separator (FS) is whitespace (space or tab)
#
# IMPORTANT NOTE
# ==============
# If the junkbuster is using a forwarder or a gateway for a particular
# destination URL, the DST_ADDRR that is examined is the address of
# the forwarder or the gateway and NOT the address of the ultimate target.
# This is necessary because it may be impossible for the local
# junkbuster to determine the address of the ultimate target
# (that's often what gateways are used for).
#
# Here are a few examples to show how the ACL works:
# localhost is OK -- no DST_ADDR implies that ALL destination addresses are OK
# permit localhost
# a silly example to illustrate:
#
# permit any host on the class-C subnet with junkbusters to go anywhere
#
# permit www.junkbusters.com/24
#
# except deny one particular IP address from using it at all
#
# deny ident.junkbusters.com
# another example
#
# You can specify an explicit network address and subnet mask.
# Explicit addresses do not have to be resolved to be used.
#
# permit 207.153.200.0/24
# a subnet mask of 0 matches anything, so the next line permits everyone.
#
# permit 0.0.0.0/0
# Note: you cannot say
#
# permit .org
#
# to allow all .org domains; every IP-address listed must resolve fully.
# An ISP may want to provide a junkbuster that is accessible by "the world"
# and yet restrict use of some of their private content to hosts on its
# internal network (i.e. its own subscribers). Say, for instance the
# ISP owns the Class-B IP address block 123.124.0.0 (a 16 bit netmask).
# This is how they could do it:
# permit 0.0.0.0/0 0.0.0.0/0 # other clients can go anywhere
# with the following exceptions:
#
# deny 0.0.0.0/0 123.124.0.0/16 # block all external requests for
# sites on the ISP's network
#
# permit 0.0.0.0/0 www.my_isp.com # except for the ISP's main web site
#
# permit 123.124.0.0/16 0.0.0.0/0 # the ISP's clients can go anywhere
# Note that some hostnames may be listed with multiple IP addresses;
# the primary value returned by gethostbyname() is used.
#