On 11/03/2018 at 11:17, Amos Jeffries wrote:
> The process is not getting anywhere close to caching being relevant. The
> error you mentioned earlier is in the TLS handshake part of the process.

I've experimented some more, and I have a partial success. Here, I'm redirecting all HTTPS traffic *except* the one that goes to my bank:

  iptables -A PREROUTING -t nat -i $IFACE_LAN -p tcp ! -d www.credit-cooperatif.coop --dport 443 -j REDIRECT --to-port 3129

This works because my bank is hosted on a single IP. As soon as I replace that with a domain that's hosted on multiple IPs, I get this:

  iptables -A PREROUTING -t nat -i $IFACE_LAN -p tcp ! -d www.google.com --dport 443 -j REDIRECT --to-port 3129

  # firewall.sh
  iptables v1.4.21: ! not allowed with multiple source or destination IP addresses

So my question is: how can I write an iptables rule (or series of rules) that redirect all traffic to my proxy, *except* the one going to <list_of_domains>?

Cheers,

Niki
--
Microlinux - Sustainable IT solutions
7, place de l'église - 30730 Montpezat
Website: https://www.microlinux.fr
Blog: https://blog.microlinux.fr
Mail: info@xxxxxxxxxxxxx
Tel.: 04 66 63 10 32
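
One way to get the behaviour asked about above, shown as an added example that is not part of the original message or of the Squid project: a user-defined nat chain that RETURNs for each excluded address and REDIRECTs everything else, so no rule needs `!` with a multi-address name. The chain name SQUID_BYPASS, the eth1 default and the 192.0.2.x addresses are assumptions made for the example; the script prints the iptables commands for review and does not apply them.

```shell
#!/bin/sh
# Added example: build the "redirect everything except these hosts" rule set.
# Commands are printed, not executed, so they can be reviewed first.

CHAIN=SQUID_BYPASS   # hypothetical chain name chosen for this example

# resolve_ipv4 HOST... : print each IPv4 address the hosts resolve to right now.
resolve_ipv4() {
    for host in "$@"; do
        getent ahostsv4 "$host" | awk '{ print $1 }'
    done | sort -u
}

# gen_rules IFACE PORT : read one IPv4 address per line on stdin and print
# the iptables commands that bypass those addresses and redirect the rest.
gen_rules() {
    iface=$1
    port=$2
    echo "iptables -t nat -N $CHAIN"
    while read -r ip; do
        # Accept only digits and dots, so that nothing read from DNS output
        # can smuggle extra shell syntax into the generated commands.
        case $ip in
            ''|*[!0-9.]*) continue ;;
        esac
        # RETURN hands the packet back to PREROUTING untouched (no proxy).
        echo "iptables -t nat -A $CHAIN -d $ip -j RETURN"
    done
    # Whatever was not excluded above goes to the intercept port.
    echo "iptables -t nat -A $CHAIN -p tcp -j REDIRECT --to-ports $port"
    # Only LAN-side HTTPS traffic enters the chain.
    echo "iptables -t nat -A PREROUTING -i $iface -p tcp --dport 443 -j $CHAIN"
}

# Demo with constructed addresses (documentation range), runs offline.
# Live use: resolve_ipv4 www.credit-cooperatif.coop www.google.com | gen_rules ...
printf '%s\n' 192.0.2.10 192.0.2.11 | gen_rules "${IFACE_LAN:-eth1}" 3129
```

The excluded addresses are a snapshot of DNS at the moment the script runs, so for hosts that rotate addresses the list goes stale and has to be regenerated.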