[Firehol-support] squid tproxy support

Phil Whineray phil at sanewall.org
Sun Mar 29 08:55:31 BST 2015


On Sun, Mar 29, 2015 at 01:32:05AM +0100, David Touzeau wrote:
> tproxy 80 port 3128


> How to set the rule in order to prevent catching proxy requests itself ?

You have to identify the proxy traffic in some way and exclude it
with optional rule parameters.

Since your proxy is on the local host, then the most likely choice
is to exclude either the source IP address or more likely still,
specific users (only locally generated traffic can be matched by user).

Something like this should work, assuming your proxy runs as user squid,
and also allow root unproxied traffic:

  tproxy 80 port 3128 uid not "root squid"


More information about the Firehol-support mailing list