On 01/20/10 16:53, Joseph wrote:
> I'm testing squid and want to allow only one domain but it is not
> working (using iptable + squid)
> iptable:
> ACCEPT tcp -- anywhere anywhere tcp
> dpt:http owner UID match squid
> ACCEPT tcp -- anywhere anywhere tcp
> dpt:3128 owner UID match squid
> REDIRECT tcp -- anywhere anywhere tcp
> dpt:http redir ports 3128

Using "owner" is incorrect, as the packets are not locally generated so the OS has no user context for them.