ACL problem

From: Piotr Rybicki <p.rybicki#cadera.com.pl>
Date: Tue, 23 Oct 2007 15:16:32 +0200


Hi list!

I have problems configuring an ACL.

My OS:
# uname -a

FreeBSD ryba-laptop.cadera.com.pl 6.2-RELEASE-p8 FreeBSD 6.2-RELEASE-p8 #2: Thu Oct 4 11:39:54 CEST 2007
root#ryba-laptop.cadera.com.pl:/usr/obj/usr/src/sys/LAPTOP i386

My haproxy version (built from ports):
# pkg_info | grep haproxy

haproxy-devel-1.3.12.2 The Reliable, High Performance TCP/HTTP Load Balancer

My config:
# cat haproxy.conf

global
         log 127.0.0.1   local0
         log 127.0.0.1   local1 notice
         #log loghost    local0 info
         maxconn 4096
         # ulimit-n 8208
         chroot /var/empty
         uid nobody
         gid nobody
         nbproc 1
         daemon
         debug
         #quiet

defaults
         log global
         mode http
         option httplog
         option dontlognull
         retries 3
         redispatch
         maxconn 2000
         contimeout 5000
         clitimeout 50000
         srvtimeout 50000

listen admin_page 0.0.0.0:8888
         mode http
         option httpclose
         balance roundrobin
         stats enable
         stats refresh 1
         stats uri /
         stats realm Global\ statistics
         stats auth admin:admin

listen :10000 0.0.0.0:10022
         # disabled
         mode tcp
         balance roundrobin
         acl src_in src 192.168.137.2/32
         # block if !src_in
         block unless src_in
         server test 192.168.137.1:10022 check inter 2000 rise 2 fall 5

I wish to limit access to the TCP proxy service for a certain IP address. Something similar to 'only_from = _IP_' in xinetd.

In my opinion, this configuration doesn't do ACL stuff. Even when I add the section:
block if TRUE

Am I missing something?

Thanks in advance & best regards
Piotr Rybicki

Received on 2007/10/23 15:16
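
An added example, not part of the original post and not HAProxy's own code: `block` is an HTTP (layer 7) rule, so a proxy running in `mode tcp` does not evaluate it and the source restriction is never enforced. The Python check below scans a configuration for that mismatch; the function name and the trimmed sample configuration are constructed for illustration, and comment stripping is simplified (no escaped `#`).

```python
# Added example: flag HTTP-layer "block" rules inside TCP-mode proxies.
SECTION_KEYWORDS = {"global", "defaults", "listen", "frontend", "backend"}

# Constructed sample, trimmed from the configuration in the post above.
SAMPLE = """\
defaults
    mode http

listen :10000 0.0.0.0:10022
    mode tcp
    acl src_in src 192.168.137.2/32
    # block if !src_in
    block unless src_in
    server test 192.168.137.1:10022 check
"""

def find_ignored_block_rules(config_text):
    """Return (proxy_name, line_number, rule) for each 'block' rule in a TCP-mode proxy."""
    findings = []
    default_mode = "tcp"      # HAProxy's mode when none is configured
    section = None            # the section currently being read

    def flush(sec):
        if sec and sec["kind"] != "defaults" and sec["mode"] == "tcp":
            findings.extend((sec["name"], n, rule) for n, rule in sec["blocks"])

    for lineno, raw in enumerate(config_text.splitlines(), start=1):
        words = raw.split("#", 1)[0].split()   # drop comments, tokenize
        if not words:
            continue
        if words[0] in SECTION_KEYWORDS:
            flush(section)                      # mode may be set after 'block', so judge at section end
            if words[0] == "defaults":
                default_mode = "tcp"            # a new defaults section starts from built-in values
            name = words[1] if len(words) > 1 else words[0]
            section = {"kind": words[0], "name": name, "mode": default_mode, "blocks": []}
        elif section and words[0] == "mode" and len(words) > 1:
            section["mode"] = words[1]
            if section["kind"] == "defaults":
                default_mode = words[1]         # inherited by the proxies that follow
        elif section and words[0] == "block":
            section["blocks"].append((lineno, " ".join(words)))
    flush(section)
    return findings

if __name__ == "__main__":
    for proxy, lineno, rule in find_ignored_block_rules(SAMPLE):
        print(f"line {lineno}: '{rule}' in TCP-mode proxy '{proxy}' is not enforced")
```
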
