On 21/09/2007, Umar <unix.co gmail.com> wrote:
>
> Dear Members!!
>
> I want to restrict my users that they don't bypass my
squid proxy in linux
> iptables I achieved with these rulese.
>
> $IPTABLES -t nat -A PREROUTING -s 192.168.1.0/24 -d !
192.168.1.250 -p TCP
> --dport 3128 -j DROP
> $IPTABLES -t nat -A PREROUTING -s 192.168.1.0/24 -d !
192.168.1.250 -p TCP
> --dport 8080 -j DROP
> $IPTABLES -t nat -A PREROUTING -s 192.168.1.0/24 -d !
192.168.1.250 -p TCP
> --dport 80 -j DROP
> $IPTABLES -t nat -A PREROUTING -s 192.168.1.0/24 -d !
192.168.1.250 -p TCP
> --dport 6588 -j DROP
>
> now please help me how I can do the same thing with PF
>
> Regards,
>
> Umar Draz
>
>
> --
> View this message in context: http://www.nabble.com/local-proxy-tf4497398.html#a1282
5908
> Sent from the freebsd-pf mailing list archive at
Nabble.com.
>
> _______________________________________________
> freebsd-pffreebsd.org mailing list
>
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
> To unsubscribe, send any mail to
"freebsd-pf-unsubscribefreebsd.org"
>
Try this:
block in quick proto tcp from 192.168.1.0/24 to !
192.168.1.250 port 3128
block in quick proto tcp from 192.168.1.0/24 to !
192.168.1.250 port 8080
block in quick proto tcp from 192.168.1.0/24 to !
192.168.1.250 port 80
block in quick proto tcp from 192.168.1.0/24 to !
192.168.1.250 port 6588
--
Gilberto Villani Brito
System Administrator
Londrina - PR
Brazil
gilbertovb(a)gmail.com
_______________________________________________
freebsd-pffreebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to
"freebsd-pf-unsubscribefreebsd.org"
|
