A HostList is a list of hosts (by name or address)
used to examine whether a certain host is included
in the list or not.
Each host (hostSpec)
is optionally prefixed with a list of users (userList),
and optionally followed by a netMask.
TYPE OF IDENTITY
A hostSpec "person@place" represents the following identities:
[-h/] [Ident@]peerHost
-- the peer host's identity (client, server or proxy)
The name or address of the host matches peerHost,
and if the Ident@ part is specified,
the name of the owner of the connection, detected automatically
by the Identification protocol, matches Ident.
A set of hosts belonging to a domain or a network can be represented
as a single hostSpec with wild-card notation.
You can prefix or postfix the wild-card character "*" to a hostname,
like "*.com", "*.delegate.org" or "www.*".
As a special case, a hostSpec which begins with "*.", like
"*.domain", matches "domain" itself as a hostname
as well as ordinary hostnames like "xx.domain" or "yy.xx.domain"
(since DeleGate/6.1.18).
An IP-address range, which may represent a network,
can be specified like 192.168.[0-255] or 192.168.1.[32-63].
These ranges can also be written as 192.168.0.0/16 and 192.168.1.32/27.
In IP-address notation, the wild-card character "*" means [0-255],
thus "192.168.*" equals 192.168.[0-255].
Specifying a netMask, you can check only a part of the address,
typically the network address part.
The netMask can be specified in one of the following formats:
  /24, /28, ...                          length of mask bits
  /FFFFFF00, /FFFFFFF0, ...              hexadecimal notation
  /255.255.255.0, /255.255.240.0, ...    dot notation
  /@A, /@B or /@C ...                    address class mask.
      @A, @B and @C represent /8, /16 and /24 respectively.
      This notation can be followed by the number of bits for subnets;
      for example /@B4 means a class B network divided into sixteen subnets.
  @ ...                                  the default network mask;
      represents one of /@A, /@B or /@C depending on the class
      of the IP-address of the host to be masked.
  . ...                                  narrower default network mask;
      similar to "@" but represents "/24" when it is applied
      to class-A IP-addresses.
For an IPv6 address, the default mask is "ffff_ffff_ffff_ffff__",
which represents a mask of 64 bits, "FFFF:FFFF:FFFF:FFFF::".
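The wild-card, range and netMask rules above, implemented as an added example in Python. This is not DeleGate's own code: the function names are mine, and it assumes that octets left out of a range pattern (as in 192.168.[0-255]) match any value, that IPv6 patterns take only a /N prefix length, that a leading "-" on a host only suppresses name resolution and does not change matching, and it also recognises the "_4.*" / "_6.*" pseudo hosts described under ADDRESS TYPE below.

```python
import ipaddress
import re

# NOTE: added example, not DeleGate's own code. Names are my own; see the
# lead-in for the assumptions made about unspecified cases.

CLASS_BITS = {"A": 8, "B": 16, "C": 24}


def class_prefix(addr):
    """Classful prefix length of an IPv4 address: A=/8, B=/16, otherwise /24."""
    first_octet = int(ipaddress.IPv4Address(str(addr))) >> 24
    return 8 if first_octet < 128 else 16 if first_octet < 192 else 24


def netmask_bits(mask, addr):
    """Translate a netMask (the text after "/") into a prefix length for
    the IPv4 address it is applied to."""
    if mask == "@":                                  # default classful mask
        return class_prefix(addr)
    if mask == ".":                                  # like "@", but /24 for class A
        return 24 if class_prefix(addr) == 8 else class_prefix(addr)
    m = re.fullmatch(r"@([ABC])(\d*)", mask)         # /@B, /@B4 (class + subnet bits)
    if m:
        return CLASS_BITS[m.group(1)] + int(m.group(2) or 0)
    if re.fullmatch(r"\d{1,2}", mask):               # /24 style
        return int(mask)
    if re.fullmatch(r"[0-9A-Fa-f]{8}", mask):        # /FFFFFF00 style
        bits = int(mask, 16)
    elif re.fullmatch(r"\d+(\.\d+){3}", mask):       # /255.255.255.0 style
        bits = int(ipaddress.IPv4Address(mask))
    else:
        raise ValueError("unsupported netMask: /" + mask)
    length = 32 - (bits ^ 0xFFFFFFFF).bit_length()   # count the leading one bits
    if (0xFFFFFFFF << (32 - length)) & 0xFFFFFFFF != bits:
        raise ValueError("non-contiguous netMask: /" + mask)
    return length


_OCTET = re.compile(r"^(?:(\d{1,3})|\*|\[(\d{1,3})-(\d{1,3})\])$")


def octet_ok(pattern, value):
    """One octet of a range pattern: a number, "*" (= [0-255]) or [lo-hi]."""
    m = _OCTET.match(pattern)
    if not m:
        raise ValueError("bad octet pattern: " + pattern)
    if m.group(1) is not None:
        return value == int(m.group(1))
    if m.group(2) is None:
        return True
    return int(m.group(2)) <= value <= int(m.group(3))


def host_matches(spec, host):
    """Does hostSpec[/netMask] `spec` cover `host` (a name or an IP address)?"""
    pattern, _, mask = spec.partition("/")
    pattern, host = pattern.lower(), host.lower()
    if len(pattern) > 1 and pattern.startswith("-"):
        pattern = pattern[1:]      # "-host": no reverse resolution; assumed not to affect matching
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        addr = None
    if pattern in ("_4.*", "_6.*"):                  # ADDRESS TYPE pseudo hosts
        return addr is not None and addr.version == int(pattern[1])
    if addr is None:                                 # hostname patterns
        if pattern.startswith("*."):                 # "*.domain" also covers "domain" itself
            return host == pattern[2:] or host.endswith(pattern[1:])
        if pattern.endswith(".*"):
            return host.startswith(pattern[:-1])
        return host == pattern
    parts = pattern.split(".")
    if addr.version == 4 and not mask and all(_OCTET.match(p) for p in parts):
        # 192.168.[0-255] / 192.168.*: compare octet by octet; octets the
        # pattern leaves out match anything (assumption)
        return all(octet_ok(p, int(o)) for p, o in zip(parts, str(addr).split(".")))
    try:
        base = ipaddress.ip_address(pattern)
    except ValueError:
        return False                                 # an address never matches a name pattern
    if base.version != addr.version:
        return False
    if not mask:
        return base == addr
    prefix = netmask_bits(mask, base) if addr.version == 4 else int(mask)  # IPv6: /N only (assumption)
    return addr in ipaddress.ip_network(f"{base}/{prefix}", strict=False)


if __name__ == "__main__":
    for spec, host in [("*.delegate.org", "delegate.org"), ("192.168.1.[32-63]", "192.168.1.63"),
                       ("172.16.1.1/@B4", "172.16.16.1"), ("10.1.2.3/.", "10.200.0.1")]:
        print(f"{spec:22} {host:16} -> {host_matches(spec, host)}")
```

The classful "/@" and "/." masks are evaluated against the address written in the hostSpec, not against the peer, so a spec such as 10.1.2.3/. covers only 10.1.2.0/24 even though 10.0.0.0 is a class-A network.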
USER LIST ( {userList}@host )
For a srcHostList (i.e. a HostList concerning client hosts), a
list of user names (userList) can be prefixed to a host name
like {user1,user2,...}@host.
The negate symbol "!" has the same meaning as in a HostList.
Note that !user@host is different from {!user}@host:
the former excludes user@host,
but the latter means {*,!user}@host and thus includes *@host except user@host.
The special user name "?" matches users whose names are not
IDENTified with identd.
Example: inhibit access from unknown hosts or from unknown users
For a dstHostList (i.e. a HostList concerning server hosts), a list of
port numbers (portList) can be postfixed to a host,
so that matching is done by port number as well as by host name/address.
Example:
CMAP="sslway:FSV:*:{*:{563,636,990,992,995}}:*"
which is similar to CMAP="sslway:FSV:nntps,ldaps,ftps,telnets,pop3s:*:*"
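The userList and portList semantics above, in particular the difference between "!user@host" and "{!user}@host" and the "?" user, as an added Python example (not DeleGate's own code). Function names and the sample lists are mine; hosts are compared literally or against "*" here, and an entry is taken to be permitted when some positive entry matches it and no negated entry does.

```python
# NOTE: added example, not DeleGate's own code. Names are my own; the
# "positive match and no negated match" rule is my reading of "!".


def parse_entry(entry):
    """Split one HostList entry into (negated, users, host, ports).

    Forms handled: host, user@host, {u1,u2,...}@host, host:{p1,p2,...},
    each optionally prefixed with "!". An entry wrapped in one extra
    pair of braces (as inside a CMAP field) is unwrapped first."""
    negated = entry.startswith("!")
    if negated:
        entry = entry[1:]
    if entry.startswith("{") and "}@" not in entry:
        entry = entry[1:-1]                         # {host:{ports}} wrapper
    users = ["*"]
    if entry.startswith("{"):                       # {userList}@host
        close = entry.index("}@")
        users = entry[1:close].split(",")
        entry = entry[close + 2:]
    elif "@" in entry:                              # user@host
        user, entry = entry.split("@", 1)
        users = [user]
    if all(u.startswith("!") for u in users):
        users.insert(0, "*")                        # {!user} means {*,!user}
    host, _, ports = entry.partition(":")
    ports = ports.strip("{}").split(",") if ports else ["*"]
    return negated, users, host, ports


def sub_match(patterns, value):
    """Match `value` against a comma list with "!" exclusions: some
    positive pattern must match and no negated pattern may. "*" matches
    anything; "?" matches a user whose name was not IDENTified (None)."""
    def one(p):
        if p == "*":
            return True
        if p == "?":
            return value is None
        return value is not None and str(value) == p
    hit = any(one(p) for p in patterns if not p.startswith("!"))
    blocked = any(one(p[1:]) for p in patterns if p.startswith("!"))
    return hit and not blocked


def hostlist_permits(hostlist, host, user=None, port=None):
    """Evaluate a HostList for one connection: permitted when a positive
    entry matches it and no negated entry does."""
    hit = blocked = False
    for entry in hostlist:
        negated, users, hpat, ports = parse_entry(entry)
        if (sub_match([hpat], host) and sub_match(users, user)
                and sub_match(ports, port)):
            if negated:
                blocked = True
            else:
                hit = True
    return hit and not blocked


# Constructed sample lists (hosts "pc1"/"pc2" and user "alice" are made up)
EXCLUDE_PAIR = ["*", "!alice@pc1"]          # everyone, except alice when on pc1
ONLY_PC1_NOT_ALICE = ["{!alice}@pc1"]       # = {*,!alice}@pc1: pc1 only, any user but alice
IDENTIFIED_ONLY = ["*", "!?@*"]             # refuse users identd could not name
SSL_PORTS = ["{*:{563,636,990,992,995}}"]   # the dstHostList from the CMAP example

if __name__ == "__main__":
    for lst in (EXCLUDE_PAIR, ONLY_PC1_NOT_ALICE):
        print(lst, "alice@pc2 ->", hostlist_permits(lst, "pc2", "alice"))
```

Running it shows the point of the note above: alice@pc2 is permitted by the first list (only alice@pc1 was excluded) but not by the second, whose only entry is restricted to pc1.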
SPECIAL HOST NAMES
There are special host names which are substituted with real host
names at runtime.
"."
the host where the DeleGate is running.
"-"
identical to "." if the host has a unique IP address (network
interface), but if it has multiple IP addresses, it will
be the IP address from which the client connected to this DeleGate.
".o"
identical to "." if the host has a unique IP address, but if
it has multiple network interfaces, the outgoing
network interface
If a hostname (or an IP-address) is prefixed with "-" like "-hostname"
("-192.168.1.1"), then no name resolution (reverse resolution) will be
tried for the hostname (IP-address). This avoids wasting time on
resolution attempts for a hostname (IP-address) that can never be resolved.
ADDRESS TYPE ( _4. | _6. )
"_4.*" matches any IPv4 addresses while
"_6.*" matches any IPv6 addresses.
These can be used for routing or access control based on address types.
AGENT CONDITION ( -A/agentNamePattern )
A pseudo host name pattern with the prefix "-A/" at the top of it is used to
specify the User-Agent of the client.
Example:
RELIABLE="-A/Mozilla/4,!-A/MSIE 5"
which is similar to
RELIABLE=.realmozi4 HOSTLIST=".realmozi4/A:Mozilla/4,!MSIE 5"
PERMIT="*:-T.9-16:hostList1" PERMIT="*:-T.17-8:hostList2"
// hostList1 is permitted during office hours whereas
// hostList2 is permitted outside office hours.
The complete format of period is like this:
[wW]HH[MM][-HH[MM]].
A time period in a week is represented with "wW", where W
expresses a day of the week ranging from "0" to "6" for Sunday
through Saturday. Sunday can also be expressed as "7" for convenience.
Example:
-T.w5-0             // Friday through Sunday
-T.w5-7             // Friday through Sunday
-T.w51730-10830     // from 5:30pm on Friday to 8:30am on Monday
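A parser and evaluator for the "-T.period" format above, as an added Python example (not DeleGate's own code). It is my reading of the examples, with these assumptions: HH may be omitted in the weekly form (as in "w5-0"); the end of a period includes the whole granule that was written (the day for "w5-0", the hour for "9-16", the minute for "w51730-10830"); and an end earlier than its start wraps past midnight or past Saturday, as in "17-8". Function names are mine.

```python
import re
from datetime import datetime

# NOTE: added example, not DeleGate's own code. Assumptions (see lead-in):
# HH is optional in the weekly form; the end granule is inclusive; an end
# earlier than the start wraps around the day or the week.

MIN_PER_DAY = 24 * 60
MIN_PER_WEEK = 7 * MIN_PER_DAY

_DAILY = re.compile(r"^(\d{1,2})(\d{2})?$")             # HH[MM]
_WEEKLY = re.compile(r"^([0-7])(?:(\d{2})(\d{2})?)?$")   # W[HH[MM]], W = 0..7


def _side(text, weekly):
    """Parse one side of a period into (first_minute, granule_length).

    Minutes count from Sunday 00:00 in weekly mode and from 00:00 in
    daily mode; the granule is a day, an hour or a minute depending on
    how much of W/HH/MM was written."""
    if weekly:
        m = _WEEKLY.match(text)
        if not m:
            raise ValueError("bad weekly time spec: %r" % text)
        day = int(m.group(1)) % 7                        # Sunday is "0" or "7"
        first, width = day * MIN_PER_DAY, MIN_PER_DAY
        hh, mm = m.group(2), m.group(3)
    else:
        m = _DAILY.match(text)
        if not m:
            raise ValueError("bad daily time spec: %r" % text)
        first, width = 0, MIN_PER_DAY
        hh, mm = m.group(1), m.group(2)
    if hh is not None:
        if not 0 <= int(hh) <= 23:
            raise ValueError("hour out of range: %r" % text)
        first, width = first + int(hh) * 60, 60
    if mm is not None:
        if not 0 <= int(mm) <= 59:
            raise ValueError("minute out of range: %r" % text)
        first, width = first + int(mm), 1
    return first, width


def parse_period(spec):
    """Parse "-T.period" (or a bare period) into (start, end, modulus):
    minutes with start inclusive and end exclusive; end exceeds the
    modulus when the period wraps."""
    if spec.startswith("-T."):
        spec = spec[3:]
    weekly = spec.startswith("w")
    if weekly:
        spec = spec[1:]
    lo, _, hi = spec.partition("-")
    modulus = MIN_PER_WEEK if weekly else MIN_PER_DAY
    start, width = _side(lo, weekly)
    if hi:
        end_first, end_width = _side(hi, weekly)
        end = end_first + end_width
    else:
        end = start + width                              # a single day/hour/minute
    if end <= start:
        end += modulus                                   # wraps past midnight / Saturday
    return start, end, modulus


def in_period(spec, when):
    """True when `when` (a datetime or an ISO "YYYY-MM-DD HH:MM" string)
    falls inside the -T.period `spec`."""
    if isinstance(when, str):
        when = datetime.fromisoformat(when)
    start, end, modulus = parse_period(spec)
    t = when.hour * 60 + when.minute
    if modulus == MIN_PER_WEEK:
        t += ((when.weekday() + 1) % 7) * MIN_PER_DAY    # Python Monday=0 -> DeleGate Sunday=0
    if t < start:
        t += modulus
    return start <= t < end


def which_hostlist(when):
    """Mirror the PERMIT pair above: hostList1 in office hours, hostList2 otherwise."""
    if in_period("-T.9-16", when):
        return "hostList1"
    if in_period("-T.17-8", when):
        return "hostList2"
    return None


if __name__ == "__main__":
    for spec in ("-T.w5-0", "-T.w5-7", "-T.w51730-10830"):
        print(spec, in_period(spec, "2024-03-03 12:00"))   # a Sunday
```

The dates in the checks below are constructed: 2024-03-01 is a Friday, so 2024-03-03 is a Sunday and 2024-03-04 a Monday.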