[Firehol-support] src/dst include/exclude
Daniel L. Miller
dmiller at amfes.com
Fri Jun 1 23:23:12 BST 2007
Costa Tsaousis wrote:
> Daniel L. Miller wrote:
>
>> Is there a way to specify "all but one" in a src / dst parameter?
>> Something like "src not 192.168.0.73 src 192.168.0.0/24"?
>>
>>
>>
> group with src 192.168.0.0/24
> server smtp accept src not 192.168.0.73
> group end
>
> or
>
> group with src 192.168.0.0/24
> group with src not 192.168.0.73
> server smtp accept
> server imap accept
> ...
> group end
> group end
>
> Costa
>
Sorry, should have been more specific - I wanted to do this with a
helper. Something like
transparent_proxy "80" 8080 "root proxy" inface not eth2 src
"192.168.0.0/24" not "192.168.0.71 192.168.0.72 192.168.0.73"
This is supposed to mean, "Proxy from port 80 to port 8080, when the
request did not come from interface eth2 (eth2 is the internet), for any
legal address in my subnet 192.168.0.0/24 - except for HTTP requests
from the internal Squid server's three addresses".
--
Daniel
More information about the Firehol-support
mailing list