Please convert the equivalent of these rules into IPFW
Tony
rigstars at gmail.com
Thu Sep 9 13:01:00 UTC 2010
Can someone please convert these iptables rules to IPFW?
# Allow Squid outbound access on port 8080 (Dansguardian)
iptables -t nat -A OUTPUT -p tcp -m tcp --dport 8080 -m owner --uid-owner squid -j ACCEPT
# Allow Squid outbound access on port 80
iptables -t nat -A OUTPUT -p tcp -m tcp --dport 80 -m owner --uid-owner squid -j ACCEPT
# Don't redirect root on port 80
iptables -t nat -A OUTPUT -p tcp -m tcp --dport 80 -m owner --uid-owner root -j ACCEPT
# Don't redirect root on port 3128 (Squid)
iptables -t nat -A OUTPUT -p tcp -m tcp --dport 3128 -m owner --uid-owner root -j ACCEPT
# Redirect all requests on port 80 to 8080 (Dansguardian)
iptables -t nat -A OUTPUT -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
# Accept requests on port 3128 from nobody (Dansguardian user)
iptables -t nat -A OUTPUT -p tcp -m tcp --dport 3128 -m owner --uid-owner nobody -j ACCEPT
# Redirect all other requests on port 3128 to 8080 to prevent users from getting around Dansguardian by going directly to Squid
iptables -t nat -A OUTPUT -p tcp -m tcp --dport 3128 -j REDIRECT --to-ports 8080
# Delete the NOTRACK rule that SuSEfirewall2 adds to the raw table of the OUTPUT chain
iptables -t raw -D OUTPUT -o lo -j NOTRACK
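
For checking a translated ruleset against the original, the following added example (not part of the original post) models the seven nat/OUTPUT rules above as a first-match table and prints the outcome per user and destination port. The user `alice` and the `POLICY` label for traffic that no rule matches are constructed for illustration; the raw-table NOTRACK deletion is not modeled.

```shell
#!/bin/sh
# Constructed model of the nat/OUTPUT rules in the post, in their original order.
# iptables evaluates a chain top to bottom and stops at the first terminating match.
# Columns: dport  uid ("*" = any user)  verdict
NAT_OUTPUT_RULES='8080 squid ACCEPT
80 squid ACCEPT
80 root ACCEPT
3128 root ACCEPT
80 * REDIRECT:8080
3128 nobody ACCEPT
3128 * REDIRECT:8080'

# nat_output_verdict USER DPORT
# Prints the verdict for a locally generated TCP connection. Traffic that no
# rule matches falls through to the chain policy, reported here as POLICY.
nat_output_verdict() {
    v_user=$1
    v_port=$2
    v_result=POLICY
    while read -r r_port r_uid r_verdict; do
        [ "$r_port" = "$v_port" ] || continue
        if [ "$r_uid" = "*" ] || [ "$r_uid" = "$v_user" ]; then
            v_result=$r_verdict
            break
        fi
    done <<EOF
$NAT_OUTPUT_RULES
EOF
    echo "$v_result"
}

# Print the user/port matrix that an equivalent ruleset has to reproduce.
print_matrix() {
    for m_user in squid root nobody alice; do
        for m_port in 80 3128 8080; do
            printf '%-7s dport %-5s %s\n' "$m_user" "$m_port" \
                "$(nat_output_verdict "$m_user" "$m_port")"
        done
    done
}

print_matrix
```

The matrix makes the ordering dependency visible: the per-user exemptions only hold because they sit above the catch-all redirects for ports 80 and 3128.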