Hi Ruslan, > i want make transaparent proxy on localhost and want to disabe access > after redirecting to port 3128 if destination address in net other then > 193.108.240.0/22. > Does REDIRECT target send packet to INPUT chain and i should disable > access in INPUT chain or should i disable access in '-t nat -A > POSTROUTING' chain? You will not be able to disable access in the POSTROUTING chain, since after reading the REDIRECT rule, no further rules in that chain are processed. In any case, it is not recommended to filter in the nat table. The best place to put your filtering rule is in the INPUT chain. Cheers, Chris. -- ___ __ _ / __// / ,__(_)_ | Chris Wilson -- UNIX Firewall Lead Developer | / (_ / ,\/ _/ /_ \ | NetServers.co.uk http://www.netservers.co.uk | \ _//_/_/_//_/___/ | 21 Signet Court, Cambridge, UK. 01223 576516 |
