*** saclfile.ini.orig	Sat May  2 13:09:56 1998
--- saclfile.ini	Sat May  2 13:12:00 1998
***************
*** 1,99 ****
! #	Access Control List for the Internet Junkbuster 2.0
! #
! # Copyright 1997-8 Junkbusters Corp.  For distribution, modification and use
! # under the GNU General Public License. These files come with NO WARRANTY.
! # See http://www.junkbusters.com/ht/en/gpl.html or README file for details.
! #
! # Access controls are included at the request of some ISPs and systems
! # administrators, and are not usually needed by individual users.
! # Please note the warnings in the FAQ that this proxy is not
! # intended to be a substitute for a firewall or to encourage anyone
! # to defer addressing basic security weaknesses.
! # For details see http://www.junkbusters.com/ht/en/ijbman.html#aclfile
! 
! # If no access file is specified, the proxy talks to anyone that connects.
! # If an access file is specified, the proxy talks only to IP addresses
! # permitted somewhere in this file and not denied later in this file.
! #
! # Summary -- if using an ACL:
! #
! #	Client must have permission to receive service
! #	LAST match in ACL file wins
! #	Default behavior is to deny service
! #
! # Syntax for an entry in an Access Control List is:
! #
! # ACTION    SRC_ADDR[/SRC_MASKLEN]    [ DST_ADDR[/DST_MASKLEN] ]
! #
! # where the fields are
! #
! # ACTION      = "permit" | "deny"
! #
! # SRC_ADDR    = client hostname or dotted IP address
! # SRC_MASKLEN = number of bits in the subnet mask for the source
! #
! # DST_ADDR    = server or forwarder hostname or dotted IP address
! # DST_MASKLEN = number of bits in the subnet mask for the target
! #
! # field separator (FS) is whitespace (space or tab)
! #
! # IMPORTANT NOTE
! # ==============
! # If the junkbuster is using a forwarder or a gateway for a particular 
! # destination URL, the DST_ADDRR that is examined is the address of
! # the forwarder or the gateway and NOT the address of the ultimate target.
! # This is necessary because it may be impossible for the local
! # junkbuster to determine the address of the ultimate target
! # (that's often what gateways are used for).
! #
! # Here are a few examples to show how the ACL works:
! 
! # localhost is OK --  no DST_ADDR implies that ALL destination addresses are OK
! # permit	localhost
! 
! # a silly example to illustrate:
! #
! # permit any host on the class-C subnet with junkbusters to go anywhere
! #
! # permit	www.junkbusters.com/24
! #
! # except deny one particular IP address from using it at all
! #
! # deny		ident.junkbusters.com
! 
! # another example
! #
! # You can specify an explicit network address and subnet mask.
! # Explicit addresses do not have to be resolved to be used.
! #
! # permit 207.153.200.0/24
! 
! # a subnet mask of 0 matches anything, so the next line permits everyone.
! #
! # permit 0.0.0.0/0
! 
! # Note:  you cannot say
! #
! # permit	.org
! #
! # to allow all .org domains; every IP-address listed must resolve fully.
! 
! # An ISP may want to provide a junkbuster that is accessible by "the world"
! # and yet restrict use of some of their private content to hosts on its
! # internal network (i.e. its own subscribers).  Say, for instance the
! # ISP owns the Class-B IP address block 123.124.0.0 (a 16 bit netmask).
! # This is how they could do it:
! 
! # permit 0.0.0.0/0	0.0.0.0/0	# other clients can go anywhere 
! #					  with the following exceptions:
! #
! # deny   0.0.0.0/0	123.124.0.0/16	# block all external requests for
! #                                         sites on the ISP's network
! #
! # permit 0.0.0.0/0	www.my_isp.com	# except for the ISP's main web site
! #
! # permit 123.124.0.0/16	0.0.0.0/0	# the ISP's clients can go anywhere
! 
! # Note that some hostnames may be listed with multiple IP addresses;
! # the primary value returned by gethostbyname() is used.
! #
--- 1,99 ----
! #	Access Control List for the Internet Junkbuster 2.0
! #
! # Copyright 1997-8 Junkbusters Corp.  For distribution, modification and use
! # under the GNU General Public License. These files come with NO WARRANTY.
! # See http://www.junkbusters.com/ht/en/gpl.html or README file for details.
! #
! # Access controls are included at the request of some ISPs and systems
! # administrators, and are not usually needed by individual users.
! # Please note the warnings in the FAQ that this proxy is not
! # intended to be a substitute for a firewall or to encourage anyone
! # to defer addressing basic security weaknesses.
! # For details see http://www.junkbusters.com/ht/en/ijbman.html#aclfile
! 
! # If no access file is specified, the proxy talks to anyone that connects.
! # If an access file is specified, the proxy talks only to IP addresses
! # permitted somewhere in this file and not denied later in this file.
! #
! # Summary -- if using an ACL:
! #
! #	Client must have permission to receive service
! #	LAST match in ACL file wins
! #	Default behavior is to deny service
! #
! # Syntax for an entry in an Access Control List is:
! #
! # ACTION    SRC_ADDR[/SRC_MASKLEN]    [ DST_ADDR[/DST_MASKLEN] ]
! #
! # where the fields are
! #
! # ACTION      = "permit" | "deny"
! #
! # SRC_ADDR    = client hostname or dotted IP address
! # SRC_MASKLEN = number of bits in the subnet mask for the source
! #
! # DST_ADDR    = server or forwarder hostname or dotted IP address
! # DST_MASKLEN = number of bits in the subnet mask for the target
! #
! # field separator (FS) is whitespace (space or tab)
! #
! # IMPORTANT NOTE
! # ==============
! # If the junkbuster is using a forwarder or a gateway for a particular 
! # destination URL, the DST_ADDRR that is examined is the address of
! # the forwarder or the gateway and NOT the address of the ultimate target.
! # This is necessary because it may be impossible for the local
! # junkbuster to determine the address of the ultimate target
! # (that's often what gateways are used for).
! #
! # Here are a few examples to show how the ACL works:
! 
! # localhost is OK --  no DST_ADDR implies that ALL destination addresses are OK
! # permit	localhost
! 
! # a silly example to illustrate:
! #
! # permit any host on the class-C subnet with junkbusters to go anywhere
! #
! # permit	www.junkbusters.com/24
! #
! # except deny one particular IP address from using it at all
! #
! # deny		ident.junkbusters.com
! 
! # another example
! #
! # You can specify an explicit network address and subnet mask.
! # Explicit addresses do not have to be resolved to be used.
! #
! # permit 207.153.200.0/24
! 
! # a subnet mask of 0 matches anything, so the next line permits everyone.
! #
! # permit 0.0.0.0/0
! 
! # Note:  you cannot say
! #
! # permit	.org
! #
! # to allow all .org domains; every IP-address listed must resolve fully.
! 
! # An ISP may want to provide a junkbuster that is accessible by "the world"
! # and yet restrict use of some of their private content to hosts on its
! # internal network (i.e. its own subscribers).  Say, for instance the
! # ISP owns the Class-B IP address block 123.124.0.0 (a 16 bit netmask).
! # This is how they could do it:
! 
! # permit 0.0.0.0/0	0.0.0.0/0	# other clients can go anywhere 
! #					  with the following exceptions:
! #
! # deny   0.0.0.0/0	123.124.0.0/16	# block all external requests for
! #                                         sites on the ISP's network
! #
! # permit 0.0.0.0/0	www.my_isp.com	# except for the ISP's main web site
! #
! # permit 123.124.0.0/16	0.0.0.0/0	# the ISP's clients can go anywhere
! 
! # Note that some hostnames may be listed with multiple IP addresses;
! # the primary value returned by gethostbyname() is used.
! #
