# HTTP.ACL	Egress control rules for Xrouter HTTP Proxy / Tunnel
#
# If this file is not present, or there are no active entries, all
# egress is blocked for security reasons.
#
# If any entry is activated, HTTP proxy/tunnel egress is controlled
# entirely by this file. See MAN HTTP.ACL for more info.
#
# Fields: <action> <source_ip>[/mask] <dest_ip>[/mask] <dest_port(s)>
#
# <action>      PERMIT  Allow egress
#               DENY    Prevent egress
# <source_ip>   IP address of uplinked user
# <dest_ip>     IP address of target system
# <mask>        Either: No. of bits (0-32) to match from left to right
#               Or:     Subnet mask in form n.n.n.n
# <port(s)>     One or more TCP service numbers (0-65535).  Allowed
#               formats are "n", "n,n,n", "n-n" or combination thereof.
#
; Allow LAN users to tunnel to anyone
;permit	192.168.0.0/24	0.0.0.0/0	0-65535
;
; Allow Internet users to tunnel only to certain ports on xrouter
;permit	0.0.0.0/0	192.168.0.245	23,87,1448,3600
;permit	0.0.0.0/0	192.168.0.4	80,23
;
; Allow amprnet users to tunnel to anyone
;permit 44.0.0.0/8 0.0.0.0/0 0-65535