On Fri, 13 May 2005, Niels wrote:
> Thank you for your answer Henrik. OK, so I now have this:
>
> #redirect to squid
> iptables -t nat -I PREROUTING -i eth1 -p TCP --dport 3128 -j DROP
On a second thought you should extend that with a destination IP match.. if not you will block traffic to port 3128 on all destinations...
> I inserted a "-p TCP", otherwise I get an error. I also changed -I to -A,
> but in either case I still get
>
>     3128/tcp filtered squid-http
>
> when I run nmap from another machine. I want 3128 to be invisible.
You could use -j REJECT --reject-with tcp-reset,
or REDIRECT it to an unused port, having the TCP kernel send that reset for you.
Regards
Henrik
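The three rule variants discussed in this exchange, side by side, as an added example (my own script, not anything Niels or Henrik posted). It prints the iptables commands by default and only executes them when APPLY=1 is set, so it can be read and checked without root. The LAN interface eth1 comes from the thread; the gateway address 192.168.1.1 and the "unused" port 3129 are constructed placeholders. Note the table choice: REJECT is only accepted in the filter table, so that rule has to live in INPUT, while REDIRECT belongs in nat/PREROUTING; the -d match on every rule is Henrik's point about not matching port 3128 on every destination.

```shell
#!/bin/sh
# Added example, not from the thread. Generates the iptables rules Henrik
# describes for hiding Squid's port 3128 from a port scan.
# Constructed/assumed values: LAN interface eth1 (from the thread), gateway
# LAN address 192.168.1.1, Squid on 3128, unused port 3129 for variant C.
LAN_IF="${LAN_IF:-eth1}"
GW_IP="${GW_IP:-192.168.1.1}"
SQUID_PORT="${SQUID_PORT:-3128}"
UNUSED_PORT="${UNUSED_PORT:-3129}"

# Dry run unless APPLY=1: print the command instead of executing it.
run() {
    if [ "${APPLY:-0}" = 1 ]; then
        "$@"
    else
        echo "$*"
    fi
}

# Variant A (what Niels had): silently discard the SYN. Nothing answers, so
# nmap reports the port as "filtered", which is exactly the signal he wanted
# to avoid. Placed in the filter table here; current iptables refuses DROP
# in the nat table ("not intended for filtering").
rules_drop() {
    run iptables -A INPUT -i "$LAN_IF" -p tcp -d "$GW_IP" \
        --dport "$SQUID_PORT" -j DROP
}

# Variant B (Henrik's first suggestion): answer the SYN with a TCP RST, as
# the kernel would for a port with no listener, so the scan sees "closed".
# REJECT is only valid in the filter table, hence INPUT rather than
# nat/PREROUTING.
rules_reject() {
    run iptables -A INPUT -i "$LAN_IF" -p tcp -d "$GW_IP" \
        --dport "$SQUID_PORT" -j REJECT --reject-with tcp-reset
}

# Variant C (Henrik's second suggestion): DNAT the connection to a port
# nothing listens on and let the TCP stack send the RST itself. This one
# does belong in nat/PREROUTING.
rules_redirect() {
    run iptables -t nat -A PREROUTING -i "$LAN_IF" -p tcp -d "$GW_IP" \
        --dport "$SQUID_PORT" -j REDIRECT --to-ports "$UNUSED_PORT"
}

case "${1:-reject}" in
    drop)     rules_drop ;;
    reject)   rules_reject ;;
    redirect) rules_redirect ;;
    *) echo "usage: $0 {drop|reject|redirect}" >&2; exit 2 ;;
esac
```

Run it as `sh hide-squid.sh reject` to see the rule, or `APPLY=1 sh hide-squid.sh reject` as root to install it. Whichever variant is chosen, Squid should still be reachable from the clients that are meant to use it: add an ACCEPT for the LAN subnet ahead of the REJECT/REDIRECT rule, or restrict those rules with a source match, otherwise the proxy is hidden from everyone, including its users.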