bend chen wrote:
> Hi, netfilter
>
> I manage some PCs; some can use my netfilter box to access the Internet, others can't access the Internet.
> But I find some PCs have a proxy program installed (wingate\ccproxy...) that proxies some users' PCs' access to the Internet.
> How can I set my firewall to forbid users from using a proxy program?

If I understand correctly, you want to allow proxy access for some users and other users are forbidden to use the proxy. If so, what about this:

Structure your network: put allowed users in one network segment and forbidden users in a different segment. Then the following rules should get you started.

# Default policy: drop everything not explicitly allowed
iptables -P INPUT DROP
iptables -P FORWARD DROP
# Loopback and replies to existing connections
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED \
         -j ACCEPT
# Only the allowed segment may reach the proxy port (--dport needs a protocol match)
iptables -A INPUT -s $ALLOWED_SEGMENT/$NETMASK -p tcp \
         --dport $PROXY_PORT -j ACCEPT
[Some other rules you need]

Finally, I would like to suggest reading "man iptables" and this excellent tutorial by Oskar Andreasson:
http://iptables-tutorial.frozentux.net/chunkyhtml/index.html

Good luck,
Joerg
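
Added example, not part of Joerg's reply: a script that validates the allowed segment and proxy port and prints the rules above as a complete iptables-restore ruleset. It goes one step beyond the reply by adding FORWARD rules for the allowed segment, on the assumption that the netfilter box routes between the segments; the segment 192.168.10.0/24, port 3128, interface eth0 and all function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: prints an iptables-restore ruleset, changes nothing on the host.
# Segment, port and interface values used below are constructed samples.

valid_cidr() {   # dotted-quad IPv4 network with a /0-/32 prefix
    net=${1%/*}; prefix=${1#*/}
    [ "$net" != "$1" ] || return 1            # no "/" present
    case $prefix in ''|*[!0-9]*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    case $net in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    rest=$net. count=0
    while [ -n "$rest" ]; do
        octet=${rest%%.*}; rest=${rest#*.}
        [ "$octet" -le 255 ] || return 1
        count=$((count + 1))
    done
    [ "$count" -eq 4 ]
}

valid_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# build_rules ALLOWED_CIDR PROXY_PORT WAN_IF (all three are hypothetical parameters)
build_rules() {
    valid_cidr "$1" || { echo "bad segment: $1" >&2; return 1; }
    valid_port "$2" || { echo "bad port: $2" >&2; return 1; }
    case $3 in ''|*[!A-Za-z0-9._-]*) echo "bad interface: $3" >&2; return 1 ;; esac
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -s $1 -p tcp --dport $2 -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -s $1 -o $3 -j ACCEPT
COMMIT
EOF
}

# Stand-alone run: print the ruleset for the sample values.
build_rules "${1:-192.168.10.0/24}" "${2:-3128}" "${3:-eth0}"
```

The forbidden segment gets no FORWARD rule, so with the DROP policy its traffic can reach neither the Internet nor a wingate/ccproxy instance running on a PC in the allowed segment. The output can be checked with `iptables-restore --test` before it is loaded.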