Date: Thu, 9 Sep 2010 09:00:59 -0400
From: Tony <rigstars@gmail.com>
To: freebsd-ipfw@freebsd.org
Subject: Please convert the equivalent of these rules into IPFW
Message-ID: <AANLkTik7cUoYC3fB-a3jKZbpf64ozva3ECusJr5sNxLK@mail.gmail.com>
Can someone please convert these iptables rules into IPFW?

# Allow Squid outbound access on port 8080 (Dansguardian)
iptables -t nat -A OUTPUT -p tcp -m tcp --dport 8080 -m owner --uid-owner squid -j ACCEPT

# Allow Squid outbound access on port 80
iptables -t nat -A OUTPUT -p tcp -m tcp --dport 80 -m owner --uid-owner squid -j ACCEPT

# Don't redirect root on port 80
iptables -t nat -A OUTPUT -p tcp -m tcp --dport 80 -m owner --uid-owner root -j ACCEPT

# Don't redirect root on port 3128 (Squid)
iptables -t nat -A OUTPUT -p tcp -m tcp --dport 3128 -m owner --uid-owner root -j ACCEPT

# Redirect all requests on port 80 to 8080 (Dansguardian)
iptables -t nat -A OUTPUT -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080

# Accept requests on port 3128 from nobody (Dansguardian user)
iptables -t nat -A OUTPUT -p tcp -m tcp --dport 3128 -m owner --uid-owner nobody -j ACCEPT

# Redirect all other requests on port 3128 to 8080 to prevent users from getting around Dansguardian by going directly to Squid
iptables -t nat -A OUTPUT -p tcp -m tcp --dport 3128 -j REDIRECT --to-ports 8080

# Delete the NOTRACK rule that SuSEfirewall2 adds to the raw table of the OUTPUT chain
iptables -t raw -D OUTPUT -o lo -j NOTRACK
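A suggested IPFW translation of the rules above, added here as an example and not taken from the thread. It assumes Dansguardian listens on 127.0.0.1:8080 and Squid on 127.0.0.1:3128, that the kernel supports ipfw forwarding to a local socket (options IPFIREWALL_FORWARD on FreeBSD 8-era kernels), and that the file is loaded with `ipfw /etc/ipfw.rules`, so rule lines carry no `ipfw` prefix.

```conf
# Added example (not from the thread): IPFW equivalent of the iptables nat/OUTPUT rules.
# Assumes dansguardian on 127.0.0.1:8080, squid on 127.0.0.1:3128.
# ipfw is first-match: the per-user exemptions must come before the redirects,
# and this block must come before any general "allow tcp from me to any out" rule.

# Squid (uid squid) may reach dansguardian on 8080 and origin servers on 80 directly
add 1000 allow tcp from me to any 8080 out uid squid
add 1010 allow tcp from me to any 80 out uid squid

# root is never redirected, whether it connects to 80 or to squid on 3128
add 1020 allow tcp from me to any 80 out uid root
add 1030 allow tcp from me to any 3128 out uid root

# Everyone else bound for port 80 is handed to the local dansguardian socket.
# fwd to a local address does not rewrite the packet; the listener sees the
# original destination, which is what a transparent proxy expects.
add 1040 fwd 127.0.0.1,8080 tcp from me to any 80 out

# The dansguardian user (nobody) may talk to squid on 3128
add 1050 allow tcp from me to any 3128 out uid nobody

# Anyone else going straight to squid is sent back through dansguardian
add 1060 fwd 127.0.0.1,8080 tcp from me to any 3128 out

# No counterpart to "iptables -t raw -D OUTPUT -o lo -j NOTRACK": ipfw has no
# raw/NOTRACK table, and only keep-state/check-state rules create state.
```

After loading, `ipfw -a list` should show the counters on rules 1040 and 1060 increasing when an unprivileged user connects to port 80 or 3128; if they stay at zero, the kernel lacks forwarding support or an earlier rule is matching first.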