On Sun, 2004-05-02 at 17:56, Ken Foskey wrote: > On Sun, 2004-05-02 at 17:08, Ken Foskey wrote: > > > > And.... How do I block port 80 on eth1 using ipmasq (ipchains) under > > > debian. > > > > All I need to do now is figure out how to ensure the proxy is used. > > Turns out that I am using iptables (K 2.4.26) I think this command > should do the drop that I want. > > iptables -A INPUT -j DROP -p tcp -d 0/0 --destination-port www > > Is this right, will is stop squid going out? > Where do I put this in the startup to make it work?
Depends onyour distro. Debian has a iptables init script - you can save the rules (using /etc/init.d/iptables save) to /var/lib/active, and it will load them automatically. If you have a rc.local you can manually put the rules in there - lots of options. I suggest you use -j REJECT rather than -j DROP - that way the users will recieve an immediate error, not a long delay. Rob -- GPG key available at: <http://www.robertcollins.net/keys.txt>.
signature.asc
Description: This is a digitally signed message part
-- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
