在 pfSense 中,組 ACL 螢幕中的“目標類別”和“非工作時間的目標類別”列的含義是什麼?
在螢幕的 pfSense 2.3.1 中的 SquidGuard 中,在和
Groups ACL中有兩列。行中的每個值都有值、和。Target Rules ListTarget Categories``Target Categories for off-time``allow``deny``whitelist``---為什麼有兩列,它們是什麼意思?
弄清楚了。在查看生成的程式碼並參考 Squid Guardian 網站的一些範例後,我很清楚該
Target Categories列包含當 acl 在指定時間段內時應用的黑名單/白名單規則,並且Target Categories for off-time是黑名單/ 當 acl 超出指定時間段時應用的白名單規則。目標規則語法
複製
Target Rules文本說明一切(前提是您已經保存了它,更改值時它不會自動更新……)它通常看起來像這樣:
<black-lists applied inside time frame> all|deny [ <black-lists applied outside time frame> all|deny ]語法是這樣的,
括號外的任何內容都是在時間範圍內應用的內容。
<black-lists applied inside time frame>括號內的任何內容都是在時間範圍之外應用的內容。
<black-lists applied inside time frame>最後的
allordeny表示在其餘列表沒有命中(從左到右)執行後,您是要允許訪問所有其他站點,還是要拒絕所有其他站點?前綴:
Applies to all specified black lists ! = Deny = allow ^ = whitelist例子
現在我想我有點過於復雜了(必須有一個不那麼冗長的語法),如果我了解更多關於允許而不是白名單語法的知識,那麼會有一些方法可以使用預設值,但我沒有t 調查過,所以這就是我的理解:
假設當您希望設置超出時間範圍的內容時,您希望以下黑名單生效,並且任何其他網站都是免費遊戲:
- blk_BL_adv
- blk_BL_aggressive
- blk_BL_約會
- blk_BL_drugs
- blk_BL_gamble
- blk_BL_hacking
- blk_BL_movies
- blk_BL_news
- blk_BL_politics
- blk_BL_porn
- blk_BL_radiotv
- blk_BL_socialnet
- blk_BL_spyware
- blk_BL_warez
…並且您希望其他任何內容都可以訪問…然後您將放在
all最後。要查看此操作,您將在括號中包含所有內容:
[ !blk_BL_adv !blk_BL_aggressive !blk_BL_dating !blk_BL_drugs !blk_BL_gamble !blk_BL_hacking !blk_BL_movies !blk_BL_news !blk_BL_politics !blk_BL_porn !blk_BL_radiotv !blk_BL_socialnet !blk_BL_spyware !blk_BL_warez all ]請注意,只有
!(拒絕)和沒有(allow) and no^(whitelist)`—
Now suppose that during the time period we would like to allow access to the following, but still keep our off-time blacklist rules in play:
- blk_BL_movies
- blk_BL_news
- blk_BL_politics
- blk_BL_socialnet
Then we copy the values from our off-time list and replace the
!(deny) with^(whitelist) on only the entries listed above. The rest of them remain!deny.The list outside the brackets then becomes
!blk_BL_adv !blk_BL_aggressive !blk_BL_dating !blk_BL_drugs !blk_BL_gamble !blk_BL_hacking ^blk_BL_movies ^blk_BL_news ^blk_BL_politics !blk_BL_porn !blk_BL_radiotv ^blk_BL_socialnet !blk_BL_spyware !blk_BL_warez all…and also there is an
allat the end to of the list to allow the rest of the sites.So when we throw it all together we have:
!blk_BL_adv !blk_BL_aggressive !blk_BL_dating !blk_BL_drugs !blk_BL_gamble !blk_BL_hacking ^blk_BL_movies ^blk_BL_news ^blk_BL_politics !blk_BL_porn !blk_BL_radiotv ^blk_BL_socialnet !blk_BL_spyware !blk_BL_warez all [ !blk_BL_adv !blk_BL_aggressive !blk_BL_dating !blk_BL_drugs !blk_BL_gamble !blk_BL_hacking !blk_BL_movies !blk_BL_news !blk_BL_politics !blk_BL_porn !blk_BL_radiotv !blk_BL_socialnet !blk_BL_spyware !blk_BL_warez all ]and that’s what gets stored as the value of the
Target Rulesbox.When I was trying to figure this out, I unknowingly found myself in
vimreplicating the same two lists that make up the GUI by taking the value ofTarget Rules, splitting it into the lists inside and outside the brackets, and taking each of the flat lists and placing them vertically beside one another, then I realized what was going on.`