Transparent Linux Squid Firewall Rules.

From: Chris Keladis <chrisk@dont-contact.us>
Date: Tue, 11 Aug 1998 14:29:57 +1000

Hi folks,

I am a little unclear on the firewall rules to do transparent proxying and
to prevent Squid from being stuck in endless loops.

I have transparency working, and everything is just dandy, but I would like
an explanation as to how the rules work, exactly.

The rules are:

ipfwadm -I -a accept -W lo
ipfwadm -I -a accept -S test-proxy -W eth0
ipfwadm -I -a accept -D 0/0 80 -P tcp -r 3128 -W eth0

Now this works, but aren't the first two lines excess, in an "allow all
policy" type firewall setup?

Should it be deny all, and allow access to the loopback, and to do
re-directing? Could there be drawbacks or advantages using either method?

And is Squid-1.2beta23+patches smart enough now to properly handle routing
loops, so that firewall blocks are no longer necessary?

Many thanks in advance,

Chris.
Received on Mon Aug 10 1998 - 21:30:35 MDT
