Le 11/03/2018 à 13:09, Leon Fauster a écrit : > It is not a good practice to place domain names into iptables rules. Define > a custom table, place this table into your rule list (to stick at the right > place) and feed that table with the resolved domain names. This can be altered > while running in the case of changes (check resolving results periodically). I admit I've never worked with custom tables, so I don't know how to do this. In the meantime, I found the following working solution. # Exceptions EXCEPTIONS=$(egrep -v '(^\#)|(^\s+$)' /usr/local/sbin/no-proxy.txt) for EXCEPTION in $EXCEPTIONS; do $IPT -A PREROUTING -t nat -i $IFACE_LAN -d $EXCEPTION -j ACCEPT done # Squid $IPT -A INPUT -p tcp -i $IFACE_LAN --dport 3128 -j ACCEPT $IPT -A INPUT -p udp -i $IFACE_LAN --dport 3128 -j ACCEPT $IPT -A PREROUTING -t nat -i $IFACE_LAN -p tcp ! -d $SERVER_IP \ --dport 80 -j REDIRECT --to-port 3128 $IPT -A INPUT -p tcp -i $IFACE_LAN --dport 3129 -j ACCEPT $IPT -A INPUT -p udp -i $IFACE_LAN --dport 3129 -j ACCEPT $IPT -A PREROUTING -t nat -i $IFACE_LAN -p tcp ! -d $SERVER_IP \ --dport 443 -j REDIRECT --to-port 3129 $IPT -A INPUT -p tcp -i $IFACE_LAN --dport 3130 -j ACCEPT $IPT -A INPUT -p udp -i $IFACE_LAN --dport 3130 -j ACCEPT And my no-proxy.txt file looks like this: # Ne pas utiliser le proxy pour les domaines suivants # # Crédit Agricole www.credit-agricole.fr # Crédit Coopératif www.credit-cooperatif.coop # Github github.com # Microlinux microlinux.fr microlinux.eu # Squid squid-cache.org # Thunderbird start.thunderbird.net Note that I can put either domain names or IP addresses in this file. And it's only supposed to keep a list of a handful of URLs that don't play well with a transparent Squid for HTTPS. Cheers, Niki -- Microlinux - Solutions informatiques durables 7, place de l'église - 30730 Montpezat Site : https://www.microlinux.fr Blog : https://blog.microlinux.fr Mail : info@xxxxxxxxxxxxx Tél. : 04 66 63 10 32 _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx https://lists.centos.org/mailman/listinfo/centos