FreeBSD6.0下通过squid的acl语句对上网用户作进一步设置
去年末写过<FreeBSD6.0Release+Squid+Socks5服务器架设笔记>, 但对某些用户的上网还没作进一步的限制. 今天完成这项工作.
以下为通过squid的acl语句对上网用户进行限制:
1. 先列出表格:
| ——– | 星期一 | 星期二 | 星期三 | 星期四 | 星期五 | 星期六 | 星期天 |
| 特殊用户 |
00:00-24:00 | 00:00-24:00 | 00:00-24:00 | 00:00-24:00 | 00:00-24:00 | 00:00-24:00 |
00:00-24:00 |
| 用户1 | 8:30-23:00 | 8:30-23:00 | 12:00-23:00 | 8:30-23:00 | 8:30-23:00 | 8:00-21:30 | 8:00-21:30 |
| 用户2 | 14:30-23:00 | 14:30-23:00 | 12:00-23:00 | 14:30-23:00 | 14:30-23:00 | 8:00-21:30 | 8:00-21:30 |
| 用户3 | 16:00-23:00 | 16:00-23:00 | 12:00-23:00 | 16:00-23:00 | 16:00-23:00 | 8:00-21:30 | 8:00-21:30 |
| 用户4 | 16:30-23:00 | 16:30-23:00 | 12:00-23:00 | 16:30-23:00 | 16:30-23:00 | 8:00-21:30 | 8:00-21:30 |
2. 编辑/usr/local/squid/etc/squid.conf文件, 从1475行开始, 加入如下内容:
acl tieshuyonghu src 192.168.121.210/32 192.168.121.211/32 192.168.121.212/32
acl yonghu1 src 192.168.120.1-192.168.120.52/255.255.255.255
acl yonghu2 src 192.168.120.53-192.168.120.104/255.255.255.255
acl yonghu3 src 192.168.120.105-192.168.120.157/255.255.255.255
acl yonghu4 src 192.168.120.158-192.168.120.208/255.255.255.255
acl 8:30-23:00 time MTHF 8:30-23:00
acl 14:30-23:00 time MTHF 14:30-23:00
acl 16:00-23:00 time MTHF 16:00-23:00
acl shan time W 12:00-23:00
acl zm time AS 8:00-21:30
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591  
; # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow tieshuyonghu
http_access allow yonghu1 8:30-23:00
http_access allow yonghu1 shan
http_access allow yonghu2 14:30-23:00
http_access allow yonghu2 shan
http_access allow yonghu3 16:00-23:00
http_access allow yonghu3 shan
http_access allow yonghu3 zm
http_access allow yonghu4 16:30-23:00
http_access allow yonghu4 shan
http_access allow yonghu4 zm
http_access deny all
这里利用了squid的acl中的src和time两个标签, time对星期的表示为 S-Sunday(星期天) M-Monday(星期一) T-Tuesday(星期二) W-Wednesday(星期三) H-Thursday(星期四) F-Friday(星期五) A-Saturday(星期六), 对acl更多的信息可看这里.
