Firewall Wizards mailing list archives

Re: Proxy or Filtering Firewall ?


From: "Geva Patz" <geva () planet co za>
Date: Tue, 27 Jul 1999 08:10:01 +0200

> I'm trying to use Squid and Ipfwadm on a Linux machine and I've had some
> difficulties.
> When I deny the http access to the outside to some clients using Ipfwadm,
> based on their IP address, it works fine when the client's browser is not
> configured to use the proxy, but when it is, the rule is bypassed. Is
> there any configuration in the squid.conf that makes this not happen?


If you're running squid and IP filtering on the same box, you could simply
add a rule to restrict incoming traffic to the box from the offending IP
address. For example:

ipfwadm -I -a reject -P tcp -S a.a.a.a -D b.b.b.b 3128

Where a.a.a.a is the offending IP address, b.b.b.b is the address of your
box, and 3128 is the default squid cache port.

Alternatively, in squid.conf, add lines like this:

acl badusers src a.a.a.a/32 b.b.b.b/32 c.c.c.c/32
http_access deny badusers

(add these lines before existing http_access lines to make sure they have
the desired effect)

-- Geva Patz





