well, i DID try this idea from Cedric ..

----- Original Message -----
From: "Cedric Blancher" <blancher@xxxxxxxxxxxxxxxxxx>

On Thu 17/04/2003 at 16:33, kenn murrah wrote:
> BTW, i *AM* using squid, and my iptables already includes:
> iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
> so, will the setup you describe be the only thing i need to add in order to
> block non-http ports?

You can also set FORWARD chain policy to DROP:

iptables -P FORWARD DROP

This way, everything is denied, unless you use HTTP proxy.

as well as THIS idea from Kim:

> Rules should be:
> $ iptables -t filter -A INPUT -i lo -j ACCEPT
> $ iptables -t filter -A INPUT -p tcp --dport 80 -j ACCEPT
> $ iptables -t filter -A INPUT -j DROP
> $ iptables -t filter -A FORWARD -p tcp --dport 80 -j ACCEPT
> $ iptables -t filter -A FORWARD -j DROP

but both of them resulted in my not being able to access HTTP, either ... what am I doing wrong here?

Thanks again to both Cedric and Kim ... can you or anybody else spot what I'm doing wrong ???

all replies appreciated.

Kenn
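Added example, not from anyone in this thread: a small Python model of how a client's request walks nat/PREROUTING and then filter/INPUT under the rules quoted above. It shows that after REDIRECT the packet reaches INPUT with dport 3128, so an "ACCEPT --dport 80" rule never matches it and the trailing DROP wins, and that replies from upstream web servers to squid are dropped for the same reason. The corrected chain, the external interface name "ppp0", and the ephemeral port are assumptions.

```python
# Simplified iptables walk: a rule is a dict of match fields plus a target,
# and the first matching terminating rule decides the verdict.

def matches(rule, pkt):
    """A rule matches when every match field it specifies equals the packet field."""
    return all(pkt.get(k) == v for k, v in rule.items() if k != "target")

def run_chain(rules, policy, pkt):
    """Return the first matching rule's verdict, else the chain policy."""
    for rule in rules:
        if matches(rule, pkt):
            return rule["target"]
    return policy

# Kenn's existing transparent-proxy rule:
# iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
NAT_PREROUTING = [
    {"in": "eth0", "proto": "tcp", "dport": 80, "target": ("REDIRECT", 3128)},
]

# Kim's INPUT rules exactly as quoted (default policy ACCEPT, last rule drops).
KIM_INPUT = [
    {"in": "lo", "target": "ACCEPT"},
    {"proto": "tcp", "dport": 80, "target": "ACCEPT"},
    {"target": "DROP"},
]

# Hypothetical corrected INPUT chain: accept the proxy port the REDIRECT
# delivers to, and accept replies to connections squid itself opened.
FIXED_INPUT = [
    {"in": "lo", "target": "ACCEPT"},
    {"state": "ESTABLISHED", "target": "ACCEPT"},
    {"in": "eth0", "proto": "tcp", "dport": 3128, "target": "ACCEPT"},
    {"target": "DROP"},
]

def verdict(pkt, input_chain):
    """Apply nat/PREROUTING REDIRECT, then filter/INPUT; return (verdict, final dport)."""
    pkt = dict(pkt)
    for rule in NAT_PREROUTING:
        if matches(rule, pkt):
            pkt["dport"] = rule["target"][1]  # REDIRECT rewrites the destination port
            break
    return run_chain(input_chain, "ACCEPT", pkt), pkt["dport"]

# Constructed sample packets: a LAN client's first HTTP packet, and a web
# server's reply to a connection squid opened from ephemeral port 40000.
CLIENT_REQUEST = {"in": "eth0", "proto": "tcp", "dport": 80, "state": "NEW"}
UPSTREAM_REPLY = {"in": "ppp0", "proto": "tcp", "dport": 40000, "state": "ESTABLISHED"}

if __name__ == "__main__":
    for name, chain in (("Kim's INPUT", KIM_INPUT), ("fixed INPUT", FIXED_INPUT)):
        print(name, verdict(CLIENT_REQUEST, chain), verdict(UPSTREAM_REPLY, chain))
```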