From: "Gilberto Villani Brito"
To: Umar
Cc: freebsd-pf@freebsd.org
Date: Fri, 21 Sep 2007 17:19:12 -0300
Subject: Re: local proxy

On 21/09/2007, Umar wrote:
>
> Dear Members!!
>
> I want to restrict my users so that they don't bypass my squid proxy. In
> Linux iptables I achieved this with these rules.
>
> $IPTABLES -t nat -A PREROUTING -s 192.168.1.0/24 -d ! 192.168.1.250 -p TCP --dport 3128 -j DROP
> $IPTABLES -t nat -A PREROUTING -s 192.168.1.0/24 -d ! 192.168.1.250 -p TCP --dport 8080 -j DROP
> $IPTABLES -t nat -A PREROUTING -s 192.168.1.0/24 -d ! 192.168.1.250 -p TCP --dport 80 -j DROP
> $IPTABLES -t nat -A PREROUTING -s 192.168.1.0/24 -d ! 192.168.1.250 -p TCP --dport 6588 -j DROP
>
> Now please help me with how I can do the same thing with PF.
>
> Regards,
>
> Umar Draz
>

Try this:

block in quick proto tcp from 192.168.1.0/24 to ! 192.168.1.250 port 3128
block in quick proto tcp from 192.168.1.0/24 to ! 192.168.1.250 port 8080
block in quick proto tcp from 192.168.1.0/24 to ! 192.168.1.250 port 80
block in quick proto tcp from 192.168.1.0/24 to ! 192.168.1.250 port 6588

--
Gilberto Villani Brito
System Administrator
Londrina - PR
Brazil
gilbertovb(a)gmail.com
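
Added example, not part of the original message: a small Python model of the four `block in quick` rules above, run over constructed packets to show which flows they match and which fall through. The function name, the sample packets and the outside address 203.0.113.5 are assumptions made for illustration; only the network, proxy address and ports come from the thread.

```python
import ipaddress

# Values copied from the pf rules in the reply above.
LAN = ipaddress.ip_network("192.168.1.0/24")
PROXY = ipaddress.ip_address("192.168.1.250")
PROXY_PORTS = (3128, 8080, 80, 6588)  # same order as the four rules

def evaluate(proto, src, dst, dport):
    """Model an inbound packet against the four 'block in quick' rules.

    Returns ("block", rule_index) for the first matching rule, because
    'quick' stops evaluation there, or ("no-match", None) when the packet
    falls through to the rest of the ruleset (not modelled here).
    """
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for index, port in enumerate(PROXY_PORTS):
        if (proto == "tcp" and src_ip in LAN
                and dst_ip != PROXY and dport == port):
            return ("block", index)
    return ("no-match", None)

# Constructed sample packets (not from the thread); 203.0.113.5 is a
# documentation address standing in for an outside server.
SAMPLES = {
    "client direct to web server": ("tcp", "192.168.1.10", "203.0.113.5", 80),
    "client to squid host": ("tcp", "192.168.1.10", "192.168.1.250", 3128),
    "client to outside proxy port": ("tcp", "192.168.1.10", "203.0.113.5", 8080),
    "port not in the rules": ("tcp", "192.168.1.10", "203.0.113.5", 443),
    "udp instead of tcp": ("udp", "192.168.1.10", "203.0.113.5", 80),
    "source outside the LAN": ("tcp", "10.0.0.7", "203.0.113.5", 80),
    # 192.168.1.250 is inside 192.168.1.0/24, so if squid runs on a separate
    # host whose fetches arrive inbound at the pf box, they match the port 80
    # rule (index 2) as well.
    "squid host fetching a page": ("tcp", "192.168.1.250", "203.0.113.5", 80),
}

def run_samples():
    return {name: evaluate(*pkt) for name, pkt in SAMPLES.items()}

if __name__ == "__main__":
    for name, verdict in run_samples().items():
        print(f"{name:32} -> {verdict}")
```

On the pf host itself, `pfctl -nf /etc/pf.conf` parses a ruleset without loading it, which is a safe way to check the syntax of the rules before applying them.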