Re: need squid help


 



I think blocking with iptables is not the right way to do that, because the
proxy will process all the requests and then the OS will block the connection
on port 443.

Maybe this works for you:

acl ALOWED dstdomain .gmail.com .google.com .hotmail.com
acl SSL_ports port 443
http_access allow SSL_ports ALLOWED
http_access deny SSL_ports
http_access allow all


-- 
========================================
Marcos Aurelio Rodrigues (DEiGrAtiA-33)
<deigratia33@xxxxxxxxx>
CCNA, MCSO
Mirabilia laudo semprer, Dei
========================================

On Tue, Apr 1, 2008 at 3:39 AM, Vivek Mangal <vivek.mangal9685@xxxxxxxxx>
wrote:

>  I think we should append this rule, not insert it, then
> /sbin/iptables -A OUTPUT -p tcp --dport 443 -j DROP
> otherwise it blocks all requests on port 443.
> Tell me if I am wrong.
>
> > So , in your case the following rules should work:
> >
> > ### First allow ###
> > /sbin/iptables -I OUTPUT -d gmail.com -p tcp --dport 443 -j ACCEPT
> > /sbin/iptables -I OUTPUT -d <GTALK IP > -p tcp --dport 443 -j ACCEPT
> >
> > ### Then Deny ###
> > /sbin/iptables -I OUTPUT -p tcp --dport 443 -j DROP
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
>
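
The first-match evaluation of the http_access rules posted above, as an added example that is not part of the original message: a simplified Python model covering only the `dstdomain` and `port` ACL types, run over constructed sample requests. The function names `acl_matches` and `decide` are hypothetical.

```python
# Added example: simplified model of Squid http_access first-match evaluation.
# Only the ACL types used in the message (dstdomain, port) are modelled.

ACLS = {
    "ALOWED": ("dstdomain", [".gmail.com", ".google.com", ".hotmail.com"]),
    "SSL_ports": ("port", [443]),
    "all": ("any", []),
}

# Rules in the order posted; a rule matches only if every listed ACL matches.
RULES = [
    ("allow", ["SSL_ports", "ALOWED"]),
    ("deny", ["SSL_ports"]),
    ("allow", ["all"]),
]


def acl_matches(name, host, port):
    kind, values = ACLS[name]
    if kind == "port":
        return port in values
    if kind == "dstdomain":
        host = host.lower().rstrip(".")
        # ".gmail.com" matches gmail.com itself and any subdomain of it,
        # but not look-alikes such as notgmail.com or gmail.com.example.
        return any(host == v.lstrip(".") or
                   (v.startswith(".") and host.endswith(v)) for v in values)
    return True  # the built-in "all" ACL


def decide(host, port, rules=RULES):
    """Return (action, rule_number) for the first rule whose ACLs all match."""
    for number, (action, names) in enumerate(rules, start=1):
        if all(acl_matches(n, host, port) for n in names):
            return action, number
    # With no match, Squid applies the opposite of the last rule in the list.
    return ("deny" if rules[-1][0] == "allow" else "allow"), None


if __name__ == "__main__":
    # Constructed sample requests (destination host, destination port).
    for host, port in [("mail.google.com", 443), ("gmail.com", 443),
                       ("notgmail.com", 443), ("www.example.com", 443),
                       ("www.example.com", 80)]:
        print(host, port, decide(host, port))
```

Moving the `deny SSL_ports` rule above the allow rule makes every port-443 request hit the deny first, which is the same ordering concern raised about the iptables rules in the quoted text.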