Firewall Wizards mailing list archives
Re: Proxy or Filtering Firewall ?
From: "Geva Patz" <geva () planet co za>
Date: Tue, 27 Jul 1999 08:10:01 +0200
> I'm trying to use Squid and Ipfwadm on a Linux machine and I've had some
> difficulties.
> When I deny the http access to the outside to some clients using Ipfwadm,
> based on their IP address, it works fine when the client's browser is not
> configured to use the proxy, but when it is, the rule is bypassed. Is there
> any configuration on the squid.conf that makes this not happen?

If you're running squid and IP filtering on the same box, you could simply add a rule to restrict incoming traffic to the box from the offending IP address. For example:

    ipfwadm -I -a reject -P tcp -S a.a.a.a -D b.b.b.b 3128

Where a.a.a.a is the offending IP address, b.b.b.b is the address of your box, and 3128 is the default squid cache port.

Alternatively, in squid.conf, add lines like this:

    acl badusers src a.a.a.a/32 b.b.b.b/32 c.c.c.c/32
    http_access deny badusers

(add these lines before existing http_access lines to make sure they have the desired effect)

--
Geva Patz
Current thread:
- Proxy or Filtering Firewall ? fgb (Jul 26)
- Re: Proxy or Filtering Firewall ? Geva Patz (Jul 27)