experimental Varnish ACL revision (IPv6 able ?)
Wichert Akkerman
wichert at wiggy.net
Wed Jul 23 00:45:58 CEST 2008
Poul-Henning Kamp wrote:
> I have reworked the varnish ACL code, but am not done testing.
>
> There's a patch here:
>
> http://phk.freebsd.dk/patch/varnish_acl.patch
>
> If any of you feel like beating it up, feel free to.
>
> The changes are:
>
> * Do DNS lookups at compile time instead of child load time. This
> makes restarts (much) faster (for long ACLS) and reports the
> DNS errors where& when they are needed.
>
> * Support IPv6 filtering.
>
> The ACL rules still have the same syntax, but the sematics have
> expanded to handle IPv6 also:
>
> acl foo {
>
> "foohost"; // Match, if the address is one of the
> // ipv4 or ipv6 addresses of "foohost"
>
> ! "foohost"; // Fail, if...
>
> "192.168.1.7" / 24; // Use mask for comparison: The '7' is
> // ignored
>
Can you also write 192.168.1/24 ?
Wichert.
--
Wichert Akkerman<wichert at wiggy.net> It is simple to make things.
http://www.wiggy.net/ It is hard to make things simple.
More information about the varnish-misc
mailing list