Hi everybody, 

is there an easy way ("easy" in the way that I won't have to make too many
changes from the default setup, to avoid drifting away too much from the
default settings) to make a Dachstein CD (1.0.2) firewall block all
_outgoing_ traffic, except for one host (which runs the proxy servers)?
Obviously, it's not a terribly big deal to insert the rules to do that, but
maybe I'm missing something obvious that would make it even easier (and,
should I need help from the list one day, easier to explain what my ipchains
rules look like, without having to wade through all the extra rules that
I've inserted). 

It's a _very_ simple setup, nothing is port-forwarded to the internal net,
no DMZ, no external open ports, nothing. Just a masquerading firewall, that
should block all traffic, except for request packets from (and obviously,
response packets to) the _one_ proxy server. 

Before you ask, yes, I'm paranoid - I don't want _any_ connections to be
able to be initiated from the internal network, except for HTTP, HTTPS and
FTP (which are handled by a Squid server, running on the internal net). All
IPs (internal and external) are static, if that matters. 

Thanks,

Martin

_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
