Management wanted an extra layer of security for some financial apps. Idea was to set up reverse proxy server which required authentication. This seemed to work until I tried to set up iptables to restrict access only from proxy server. Turns out there are applets downloaded to user's machine that try to connect directly to apps server. So I thought maybe I could do something in IPTABLES with the "X-Forwarded-For" header from the proxy server. Is this possible? -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html