Chris Robertson wrote:
> Something like:
>
> iptables -A INPUT -i eth0 --dport 3128 -j REJECT
>
> (assuming that you are using eth0) should do it. If the box is acting as
> a gateway, then add the same rule for each ethernet interface.
>
> Chris
Thank you for your suggestion. I should have said: I've already tried this,
but nmap will then show
3128/tcp filtered squid-http
which still tells the users that a Squid is running. This also happens with
DROP. And what's worse, it blocks the use of Squid, eventhough I state "-i
eth1". Possibly I'm using Iptables incorrectly, I'll keep trying.
I think you need to state the protokol like this: "-p tcp" when you use
dport.
//Niels
Received on Thu May 12 2005 - 12:40:55 MDT
This archive was generated by hypermail pre-2.1.9 : Wed Jun 01 2005 - 12:00:02 MDT