Re: Best policy to allow only proxy surfing

On May 5, 2010, at 9:54 AM, Boniforti Flavio wrote:

>> Don't know if this is going to work, but if it does, rules 
>> similar to these may solve your problem. With no proxy whinage.
> 
> This *is* going to work

Thanks for that. Now I know that if it doesn't, it's my implementation, not the design...

> I did such setups too, some years ago. The fact
> is, that similar solutions require some more intervention, because (as
> you might know) every day a new software/tool/internet application needs
> to be used (and it is FOR SURE that it HAS to be used, for working
> purposes, not for joke)... This would mean, adding rules from time to
> time... 

It would indeed. One of the delights (IMHO) of iptables is local chains. My packet filter will have special chains for stuff. So when a new LAN to NET rule is needed, 

"iptables -A LANtNET -p <...> --dport <...> -j ACCEPT" 

is all that's needed. Actually, that'd go into the shell script that builds the filter.

> Good luck, but still I confess that I *may be* switching to this your
> suggestion too! ;-)

Use default deny and break up the logic into chains (within reason). Makes things a lot easier to maintain. Did for me, anyway.

-- 
Glenn English
ghe@xxxxxxxxxxx
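The layout the reply describes (default deny, the per-direction logic split into a user-defined chain, the whole thing built by a script) as an added example; this is not code from the original post or from the list. It emits iptables-restore(8) syntax instead of calling iptables directly, so the ruleset can be reviewed and tested without root and applied with `sh build-filter.sh | iptables-restore`. The interface names, LAN subnet, the proxy listening on 3128, and the list of services LAN hosts may reach directly are assumptions.

```shell
#!/bin/sh
# Added example, not part of the original post. Builds a default-deny
# filter table with a LANtNET user chain for LAN-to-Internet traffic.
# Everything from the LAN that is not listed in LAN_TO_NET_ALLOWED must
# go through the proxy on this box (reached via INPUT, not FORWARD).
# Interfaces, subnet, proxy port and the allowed list are assumptions.

LAN_IF=eth1                 # assumed LAN-facing interface
NET_IF=eth0                 # assumed Internet-facing interface
LAN_NET=192.168.1.0/24      # assumed LAN subnet
PROXY_PORT=3128             # assumed squid listening port on this host

# Services LAN hosts may reach directly, as proto:port entries.
# Adding a new application is a matter of appending one entry here.
LAN_TO_NET_ALLOWED="tcp:53 udp:53 udp:123"

# One allow rule for the LANtNET chain: lan_to_net_rule PROTO PORT
lan_to_net_rule() {
    printf '%s -p %s --dport %s -j ACCEPT\n' '-A LANtNET' "$1" "$2"
}

# Print the complete filter table in iptables-restore syntax.
build_ruleset() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:LANtNET - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $LAN_IF -s $LAN_NET -p tcp --dport $PROXY_PORT -j ACCEPT
-A INPUT -i $LAN_IF -s $LAN_NET -p tcp --dport 22 -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $LAN_IF -o $NET_IF -s $LAN_NET -j LANtNET
EOF
    for entry in $LAN_TO_NET_ALLOWED; do
        lan_to_net_rule "${entry%%:*}" "${entry#*:}"
    done
    # No catch-all in LANtNET: a packet that matches nothing returns to
    # FORWARD and falls off the end into the DROP policy.
    echo COMMIT
}

# Number of allow rules in the LANtNET chain of the generated ruleset.
count_lan_rules() {
    build_ruleset | grep -c '^-A LANtNET '
}

# Emit the ruleset so the script can be piped into iptables-restore.
build_ruleset
```

Because only FORWARD traffic ever reaches LANtNET, the chain stays small and readable, and the policy on FORWARD is what actually enforces "proxy only": a LAN host talking directly to port 80 on the Internet matches no rule in LANtNET and is dropped, while its connection to the proxy on this box is accepted in INPUT.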