[squid-users] Requirements of a strict Firewall on a squid proxy.

From: Ben Mckellar <benm@dont-contact.us>
Date: Sun, 17 Jun 2001 12:56:43 +1000

Hi,

I wish to lock my Squid Proxy completely. I want the ipchains/iptables to
be configured to only allow the squid proxy to run completely with no
restrictions, and I want everything else locked.

My squid runs on port: 3128 (default)

Please tell me, is this the best way to do it? If not, please show me the best
way.

INPUT(DENY)
Network which will access the squid proxy. ACCEPT on port 3128 ONLY.
EVERYTHING ELSE DENIED

FORWARD(DENY)

OUTPUT(ACCEPT)

Will this lock my squid box completely? Are there any other things I can do
to lock it further? I ask a question about the OUTPUT rules. Can I have
that on DENY? Or will that stop squid accessing the internet?

Please let me know if there are other options. All I need to do is allow my
network to access the squid proxy server and squid to access the internet.
I have 1 network card, Squid has 1 live internet IP address. I do NOT want
anything else open, e.g. telnet, ssh, etc. SQUID (3128) only.

Your advice appreciated on this matter.

Thanx.

- Ben
Received on Sat Jun 16 2001 - 20:56:50 MDT
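
The policy described in the post, written out as an added example (not part of the original message): a shell function that emits an iptables-restore ruleset with INPUT and FORWARD dropped and only the proxy port open to the client network. The client network 192.0.2.0/24 is a constructed sample, and the outbound ports in the strict OUTPUT variant (DNS on 53, HTTP/HTTPS on 80/443) are assumptions about what the proxy needs to reach.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for a single-NIC Squid box.
# squid_fw_rules CLIENT_NET [PORT] [OUTPUT_POLICY]
#   CLIENT_NET     CIDR allowed to reach Squid (constructed sample: 192.0.2.0/24)
#   PORT           Squid listening port (3128 in the post)
#   OUTPUT_POLICY  ACCEPT (as in the post) or DROP (strict egress)
# To load the result as root: squid_fw_rules 192.0.2.0/24 3128 | iptables-restore
squid_fw_rules() {
    net=$1 port=${2:-3128} out=${3:-ACCEPT}

    # Refuse anything that is not a.b.c.d/len so a typo cannot become a rule.
    printf '%s\n' "$net" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$' ||
        { echo "bad client network: $net" >&2; return 1; }
    case $port in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] ||
        { echo "bad port: $port" >&2; return 1; }
    case $out in ACCEPT|DROP) ;; *) echo "bad OUTPUT policy: $out" >&2; return 1 ;; esac

    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT $out [0:0]
# Loopback traffic stays on the box.
-A INPUT -i lo -j ACCEPT
# Replies to connections Squid opened; without this rule a default-drop
# INPUT chain discards every answer from origin servers and DNS.
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# The only new inbound traffic: clients talking to the proxy port.
-A INPUT -s $net -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT
EOF
    if [ "$out" = DROP ]; then
        cat <<EOF
-A OUTPUT -o lo -j ACCEPT
# Replies from Squid back to its clients.
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# DNS lookups and outbound fetches; these ports are an assumption.
-A OUTPUT -p udp --dport 53 -j ACCEPT
-A OUTPUT -p tcp --dport 53 -j ACCEPT
-A OUTPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
EOF
    fi
    echo COMMIT
}
```

With the OUTPUT policy set to DROP, any destination port Squid is asked to fetch that is not listed in the OUTPUT rules will fail, so that list has to track the ports squid.conf permits.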
