On 22/04/2014 7:59 a.m., Tobias Krais wrote:
> Hi Amos,
>
> first of all: you're great! It works!
>
> Your explanations were very helpful! Now I understand that I had a
> failure since years in my config, but squid just allowed me to work with
> it.
>
Welcome.
> Regarding my firewall rules I have a OT question:
>
>>> # Port 80 Traffic automatisch auf Dansguardian legen # Traffic von
>>> root akzeptieren iptables -t nat -A OUTPUT -p tcp --dport 80 -m
>>> owner --uid-owner root -j ACCEPT iptables -t nat -A OUTPUT -p tcp
>>> --dport 80 -m owner --uid-owner proxy -j ACCEPT # ... alle anderen
>>> Benutzer auf Port 8080 umbiegen iptables -t nat -A OUTPUT -p tcp
>>> --dport 80 -j REDIRECT --to-port 8080 iptables -t nat -A OUTPUT -p
>>> udp --dport 80 -j REDIRECT --to-port 8080
>>
>> NOTE: HTTP does not travel over UDP.
>
> I never thought about this issue. This means that I can delete my UDP
> firewall rules, because squid and dansguardian does not filter it. Am i
> right?
Unless you have something else that it was specifically being used or
beyond HTTP (CoAPS? ICP/HTCP?) then yes it can probably go.
Amos
Received on Tue Apr 22 2014 - 03:13:30 MDT
This archive was generated by hypermail 2.2.0 : Tue Apr 22 2014 - 12:00:06 MDT