On Thu 17/04/2003 at 16:33, kenn murrah wrote:
> BTW, i *AM* using squid, and my iptables already includes:
> iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j
> REDIRECT --to-port 3128
> so, will the setup you describe be the only thing i need to add in order to
> block non-http ports?

If you want to block everything else, then deactivate routing:

	echo 0 > /proc/sys/net/ipv4/ip_forward

You can also set the FORWARD chain policy to DROP:

	iptables -P FORWARD DROP

This way, everything is denied, unless you use the HTTP proxy.

-- 
Cédric Blancher <blancher@xxxxxxxxxxxxxxxxxx>
Systems and network security consultant - Cartel Sécurité
Tel: +33 (0)1 44 06 97 87 - Fax: +33 (0)1 44 06 97 99
PGP KeyID:157E98EE FingerPrint:FA62226DA9E72FA8AECAA240008B480E157E98EE
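Added example, not part of the original message: a shell function that checks the two settings from the reply (ip_forward and the FORWARD policy) together with the REDIRECT rule quoted from the question. The name audit_gateway, its verdict strings and the sample rule listings are constructed for illustration; on a real gateway the three inputs would come from /proc/sys/net/ipv4/ip_forward, `iptables -S FORWARD` and `iptables -t nat -S PREROUTING`.

```shell
#!/bin/sh
# audit_gateway (hypothetical helper): does anything bypass the proxy?
#   $1 = contents of /proc/sys/net/ipv4/ip_forward
#   $2 = output of `iptables -S FORWARD`
#   $3 = output of `iptables -t nat -S PREROUTING`
# Prints a verdict; returns 0 only when non-proxied traffic is blocked.
audit_gateway() {
    ip_forward=$1 forward_rules=$2 nat_rules=$3

    # Without the REDIRECT rule, port 80 never reaches the local proxy.
    if ! printf '%s\n' "$nat_rules" | grep -q -- '--dport 80 .*-j REDIRECT'; then
        echo "no-redirect"; return 2
    fi
    # Routing off: the kernel forwards nothing, whatever FORWARD says.
    # Redirected packets are delivered locally, so the proxy still works.
    if [ "$ip_forward" = "0" ]; then
        echo "blocked-no-routing"; return 0
    fi
    # Routing on: the FORWARD policy and its ACCEPT rules decide.
    if ! printf '%s\n' "$forward_rules" | grep -q -- '^-P FORWARD DROP$'; then
        echo "open-policy-accept"; return 1
    fi
    accepts=$(printf '%s\n' "$forward_rules" \
        | grep -c -- '^-A FORWARD .*-j ACCEPT' || true)
    if [ "$accepts" -gt 0 ]; then
        echo "partial-$accepts-accept-rules"; return 1
    fi
    echo "blocked-policy-drop"; return 0
}

# Constructed sample listings (not captured from a real host).
NAT='-P PREROUTING ACCEPT
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128'
audit_gateway 1 '-P FORWARD ACCEPT' "$NAT" || true   # open-policy-accept
audit_gateway 1 '-P FORWARD DROP' "$NAT"             # blocked-policy-drop
audit_gateway 0 '-P FORWARD ACCEPT' "$NAT"           # blocked-no-routing
```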