Thomas Marschall wrote:
> That might work... This firewall is going to be a proxy server running
> squid. We will be forcing proxying so we will have this rule loaded:
> REDIRECT loc 8080 tcp 80,443 -

You *cannot* transparently proxy HTTPS. If you could, then HTTPS (and SSL in fact) would be susceptible to "Man in the Middle" attacks.

> I'm trying to make sure I understand how this works... will this rule
> put a matched packet onto the input chain so we can log its mac address?

Yes.

> Without this rule a packet destined for the internet would otherwise
> just hit the forward chain correct?

Correct.

> We will also have the proxy port open on 8080 for clients that are
> configured to use it. Web clients that have the proxy configured should
> send their packets in on the input chain correct?

Correct.

> If so, then here is
> the next part: Will the maclist process before your suggested rule?

I don't understand the question -- the syntax appears to be garbled.

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ [EMAIL PROTECTED]
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
