RE: new feature in squidguard

[Craig Falconer]

> # Old format
> source group1 {
>             ip          192.168.1.0/24
>             userlist    src/group1/users
> }
> source group2 {
>             ip          192.168.2.0/24
> }
> source group3 {
>             ip          192.168.3.0/24
>             user        root user1 user2
> }
> 
This can also be expressed as

> # Old format
> source group {
>             ip          192.168.1.0/24 192.168.2.0/24 192.168.3.0/24
>             user        root user1 user2
>             userlist    src/group1/users
> }
> 
Or even

> # Old format
> source group {
>             ip          192.168.0.0/22               <-- I'm not sure that
> this is right... I think it includes 192.168.1.* or 192.168.4.* as well...
>             user        root user1 user2
>             userlist    src/group1/users
> }
> 
> 
If you want, you can declare a single IP or IP range to be a member of two
groups, but since the file is parsed sequentially, only the first group that
matches the IP will be used.

> ----------
> From:         Sergei I. Golod[SMTP:[EMAIL PROTECTED]]
> Sent:         Saturday, October 06, 2001 12:02 AM
> To:   [EMAIL PROTECTED]
> Subject:      new feature in squidguard
> 
> Hello.
> 
> What about to change 'source' defenition in configuration file to next:
> 
> # Old format
> source group1 {
>             ip          192.168.1.0/24
>             userlist    src/group1/users
> }
> source group2 {
>             ip          192.168.2.0/24
> }
> source group3 {
>             ip          192.168.3.0/24
>             user        root user1 user2
> }
> 
> # New format
> source many_groups {
>         {
>             ip          192.168.1.0/24
>             userlist    src/group1/users
>         }
>         {
>             ip          192.168.2.0/24
>         }
>         {
>             ip          192.168.3.0/24
>             user        root user1 user2
>         }
> }
> 
> // Some explanation: many_groups - is a group of subgroups (OR condition
> between subgroups), inside each subgroups we using old format. So in this
> examle: ((users in /src/group1/users AND from 192.168.1.0/24) OR (any user
> from 192.168.2.0/24) OR (user root/user1/user2 from 192.168.3.0/24)) in
> group many_groups. And now we can use ONLY ONE acl for this group and not
> need to define one acl for each subgroups (as in current version).
> 
> destination some {
>         expressionlist  dest/some.expression
>         redirect        http://localhost/some.html
> }
> 
> acl {
> # Old format
>         group1 {
>                 pass    !some any
>         }
>         group2 {
>                 pass    !some any
>         }
>         group3 {
>                 pass    !some any
>         }
> 
> #New format
>         many_groups {
>                 pass    !some any
>         }
> ....
> }
>