Re: Transparent Linux Squid Firewall Rules.

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Tue, 11 Aug 1998 15:29:19 +0200

Chris Keladis wrote:

> ipfwadm -I -a accept -W lo
> ipfwadm -I -a accept -S test-proxy -W eth0
> ipfwadm -I -a accept -D 0/0 80 -P tcp -r 3128 -W eth0
>
> Now this works, but aren't the first two lines excess, in an
> "allow all policy" type firewall setup?

The first two lines say that loopback and traffic destined for this
machine should not be redirected to Squid.

These ipfwadm rules are not blocks. They are simply a routing decision
that traffic destined for the local machine should be handled as such,
and not redirected to Squid.

These ipfwadm rules
* Prevent loops
* Allow one to run a local http server on port 80 for cachemgr,
statistics, proxy PAC files and other useful things.

1.2beta22 and later have built-in loop prevention (as documented in
ChangeLog).

1.1.X loop prevention patch is available from
http://hem.passagen.se/hno/squid/

---
Henrik Nordström
Received on Tue Aug 11 1998 - 06:47:05 MDT
