Chris Robertson wrote:
> Something like:
>
> iptables -A INPUT -i eth0 --dport 3128 -j REJECT
>
> (assuming that you are using eth0) should do it. If the box is acting as
> a gateway, then add the same rule for each ethernet interface.
>
> Chris

Thank you for your suggestion. I should have said: I've already tried this, but nmap will then show

3128/tcp filtered squid-http

which still tells the users that a Squid is running. This also happens with DROP. And what's worse, it blocks the use of Squid, even though I state "-i eth1". Possibly I'm using Iptables incorrectly, I'll keep trying.

I think you need to state the protocol like this: "-p tcp" when you use dport.

//Niels
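
Added example, not part of either poster's message: a small POSIX shell lint that checks rule strings for the two issues raised in the thread, `--dport` used without `-p tcp`/`-p udp`, and targets (DROP, or REJECT with its default ICMP port-unreachable reply) that an nmap TCP scan reports as `filtered` instead of `closed`. The finding names and the `--reject-with tcp-reset` rule are this example's own and do not come from the thread; rules are only inspected as text, never loaded into the firewall.

```shell
#!/bin/sh
# lint_rule RULE: print space-separated findings for one iptables rule, or "ok".
# Finding names (missing-proto, nmap-filtered, reset-needs-tcp) are hypothetical labels.
lint_rule() {
    rule=" $1 "          # pad so every option can be matched as " opt "
    findings=""
    # Which protocol, if any, does the rule name?
    case $rule in
        *" -p tcp "*|*" --protocol tcp "*) proto=tcp ;;
        *" -p udp "*|*" --protocol udp "*) proto=udp ;;
        *) proto="" ;;
    esac
    # --dport/--sport come from the tcp/udp match modules; without -p
    # iptables refuses the rule instead of loading it.
    case $rule in
        *" --dport "*|*" --sport "*)
            [ -n "$proto" ] || findings="$findings missing-proto" ;;
    esac
    # DROP sends nothing and plain REJECT sends ICMP port-unreachable;
    # nmap labels both "filtered". A TCP RST makes the port read "closed",
    # like any port with no listener.
    case $rule in
        *" -j DROP "*) findings="$findings nmap-filtered" ;;
        *" -j REJECT "*)
            case $rule in
                *" --reject-with tcp-reset "*)
                    # tcp-reset is only accepted together with -p tcp
                    [ "$proto" = tcp ] || findings="$findings reset-needs-tcp" ;;
                *) findings="$findings nmap-filtered" ;;
            esac ;;
    esac
    findings=${findings# }
    echo "${findings:-ok}"
}

# Constructed sample rules: the first is the rule quoted in the thread,
# the rest are variants built for this example.
while IFS= read -r r; do
    printf '%s\n    -> %s\n' "$r" "$(lint_rule "$r")"
done <<'EOF'
-A INPUT -i eth0 --dport 3128 -j REJECT
-A INPUT -i eth0 -p tcp --dport 3128 -j REJECT
-A INPUT -i eth0 -p tcp --dport 3128 -j DROP
-A INPUT -i eth0 -p tcp --dport 3128 -j REJECT --reject-with tcp-reset
EOF
```

Even with a reset reply, nmap still prints `squid-http` next to port 3128, because that name comes from its port-to-service table and not from probing the service.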