On 22/04/2014 7:59 a.m., Tobias Krais wrote: > Hi Amos, > > first of all: you're great! It works! > > Your explanations were very helpful! Now I understand that I had a > failure since years in my config, but squid just allowed me to work with > it. > Welcome. > Regarding my firewall rules I have a OT question: > >>> # Port 80 Traffic automatisch auf Dansguardian legen # Traffic von >>> root akzeptieren iptables -t nat -A OUTPUT -p tcp --dport 80 -m >>> owner --uid-owner root -j ACCEPT iptables -t nat -A OUTPUT -p tcp >>> --dport 80 -m owner --uid-owner proxy -j ACCEPT # ... alle anderen >>> Benutzer auf Port 8080 umbiegen iptables -t nat -A OUTPUT -p tcp >>> --dport 80 -j REDIRECT --to-port 8080 iptables -t nat -A OUTPUT -p >>> udp --dport 80 -j REDIRECT --to-port 8080 >> >> NOTE: HTTP does not travel over UDP. > > I never thought about this issue. This means that I can delete my UDP > firewall rules, because squid and dansguardian does not filter it. Am i > right? Unless you have something else that it was specifically being used or beyond HTTP (CoAPS? ICP/HTCP?) then yes it can probably go. Amos
