On Wed, 2003-05-07 at 21:27, xchris wrote: > On Wednesday 07 May 2003 14:05, Walter Priesnitz Filho wrote: > > Hi, > > I have this environment, a subnetwork (192.168.0.0) that access another > > subnetwork (192.168.59.0) and then access the internet. The second lan has > > a proxy server (squid:3128). > > I need to block the requests in th first lan to the squid server to some > > sites. How can I do this? > > I've tried this > > iptables -A FORWARD -p tcp -m multiport --dport 80,443,3128 -d > > www.someplace.com -j DROP > > but doesn't work. > > Can anybody help-me? > > why don't use OUTPUT/INPUT chain? > you disable output/input from the lan to your firewall (so squid doesn't get > requests) Why not use squidGuard? Or even squid a squid acl?
Attachment:
signature.asc
Description: This is a digitally signed message part
