I think blocking with iptables is not the right way to do that, because the proxy will process all the requests and then the OS will block the connection on port 443.

Maybe this works for you:

acl ALOWED dstdomain .gmail.com .google.com .hotmail.com
acl SSL_ports port 443
http_access allow SSL_ports ALOWED
http_access deny SSL_ports
http_access allow all

--
========================================
Marcos Aurelio Rodrigues (DEiGrAtiA-33)
<deigratia33@xxxxxxxxx>
CCNA, MCSO
Mirabilia laudo semprer, Dei
========================================

On Tue, Apr 1, 2008 at 3:39 AM, Vivek Mangal <vivek.mangal9685@xxxxxxxxx> wrote:
> I think we should append this rule, not insert it, then:
> /sbin/iptables -A OUTPUT -p tcp --dport 443 -j DROP
> Otherwise it blocks all requests on port 443.
> Tell me if I am wrong.
>
> > So, in your case the following rules should work:
> >
> > ### First allow ###
> > /sbin/iptables -I OUTPUT -d gmail.com -p tcp --dport 443 -j ACCEPT
> > /sbin/iptables -I OUTPUT -d <GTALK IP > -p tcp --dport 443 -j ACCEPT
> >
> > ### Then Deny ###
> > /sbin/iptables -I OUTPUT -p tcp --dport 443 -j DROP
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
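
The rule-ordering question in this thread, as an added example that is not part of the original messages: a small Python model of first-match evaluation for the quoted iptables commands (-I versus -A) and for the Squid http_access lines. The names build_chain, verdict and squid_allows, the GTALK_IP placeholder, the example.org host and the ACCEPT default policy are assumptions, and destinations are compared as plain strings rather than resolved addresses.

```python
# Added illustration: models first-match rule evaluation only.
# It does not call iptables or Squid; hosts and GTALK_IP are constructed.

def build_chain(commands):
    """Order rules the way successive iptables -I / -A commands would."""
    chain = []
    for op, rule in commands:
        if op == "I":
            chain.insert(0, rule)  # -I without a rule number inserts at the top
        else:
            chain.append(rule)     # -A appends at the bottom
    return chain

def verdict(chain, dst, dport, policy="ACCEPT"):
    """Target of the first matching rule, else the (assumed) chain policy."""
    for rule in chain:
        if rule["dport"] == dport and rule.get("dst") in (None, dst):
            return rule["target"]
    return policy

ALLOW_GMAIL = {"dst": "gmail.com", "dport": 443, "target": "ACCEPT"}
ALLOW_GTALK = {"dst": "GTALK_IP", "dport": 443, "target": "ACCEPT"}
DROP_443 = {"dport": 443, "target": "DROP"}

# The three quoted commands, all with -I: the DROP, typed last, lands first.
ALL_INSERT = build_chain([("I", ALLOW_GMAIL), ("I", ALLOW_GTALK), ("I", DROP_443)])
# Same allows, but the DROP appended with -A as suggested in the reply.
APPEND_DROP = build_chain([("I", ALLOW_GMAIL), ("I", ALLOW_GTALK), ("A", DROP_443)])

def squid_allows(host, port, allowed=(".gmail.com", ".google.com", ".hotmail.com")):
    """First-match walk of the http_access lines from the Squid suggestion."""
    listed = any(host == d[1:] or host.endswith(d) for d in allowed)
    if port == 443 and listed:
        return True   # http_access allow SSL_ports ALOWED
    if port == 443:
        return False  # http_access deny SSL_ports
    return True       # http_access allow all

if __name__ == "__main__":
    for name, chain in (("all -I", ALL_INSERT), ("DROP via -A", APPEND_DROP)):
        print(name, [verdict(chain, h, 443) for h in ("gmail.com", "example.org")])
    print("squid", [squid_allows(h, 443) for h in ("mail.google.com", "example.org")])
```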