Colin Alston wrote:

> What we do that works very nicely is to define a subzone so we have loc 
> and cloc:loc in zones, loc policy is to drop all and cloc policy is to 
> allow all. Squid has a url_rewrite program that does 'shorewall add 
> eth0:whatever cloc' and then they can breakout.

Beware that dynamic zones, which are required by 'shorewall add', are no
longer supported by Shorewall-perl as of Shorewall 4.2.

Any new application along these lines should be built on ipsets instead.

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
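
One way to follow the ipset advice above, as an added example that is not part of the original thread: a Squid url_rewrite helper that validates the client address and adds it to an ipset instead of calling 'shorewall add'. The set name cloc, the IPSET override variable, the --serve flag and the blank-line reply (classic helper protocol) are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): admit a client by adding its address
# to an ipset rather than a Shorewall dynamic zone.
# Assumptions: the set was created beforehand (ipset create cloc hash:ip),
# the firewall configuration matches on it, and the helper may run ipset.
SET_NAME="${SET_NAME:-cloc}"
IPSET="${IPSET:-ipset}"

# Return 0 only for a dotted-quad IPv4 address with every octet in 0-255.
# The helper's input is client-influenced, so nothing else reaches ipset.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|''|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Take Squid's "ip/fqdn" field, keep the IP part, add it to the set.
admit_client() {
    ip=${1%%/*}
    valid_ipv4 "$ip" || return 1
    # -exist: adding an address that is already a member is not an error
    "$IPSET" -exist add "$SET_NAME" "$ip"
}

# Squid writes one request per line: URL ip/fqdn ident method ...
rewrite_loop() {
    while read -r url client rest; do
        admit_client "$client" || :
        echo ""   # blank reply: leave the URL unchanged (assumed protocol)
    done
}

if [ "${1:-}" = "--serve" ]; then
    rewrite_loop
fi
```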
