Rules are consulted sequentially until a match is made. I think you can just add rules that specifically allow those 6 machines followed by the exclusionary rules.
Michael

On Thursday 10 November 2005 02:37 pm, [EMAIL PROTECTED] wrote:
> All -
>
> I have a gateway/router setup to route all outbound web traffic back
> through Dansguardian and Squid, (for proxy/content filtering) - then out
> to the internet if they pass the test --
>
> Here's the primary rule.........
> echo "Proxy Adjustment being made."
> iptables -t nat -A PREROUTING -i eth1 -s ! 192.168.10.12 -p tcp --dport 80 -j DNAT --to 192.168.10.12:88
> iptables -t nat -A POSTROUTING -o eth1 -s 192.168.10.0/24 -d 192.168.10.12 -j SNAT --to 192.168.10.1
> iptables -A FORWARD -s 192.168.10.0/24 -d 192.168.10.12 -i eth1 -o eth1 -p tcp --dport 88 -j ACCEPT
>
> I need to have 6 ip's in the 10.x range be excluded from filtering and
> allowed out. What would be the rule I'd use? Would I have to add all the
> IP's that are to be blocked and just not include the ones I need to bypass
> the proxy?
>
> TIA,
> Mark
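The ordering described in the reply, as an added example that is not part of the original thread: per-host ACCEPT rules are appended to nat PREROUTING before the catch-all DNAT, so the exempt hosts match first and are never redirected to the proxy. The six exempt addresses are constructed placeholders, `! -s` is the current spelling of the negation the post writes as `-s !`, and the FORWARD chain and outbound NAT are assumed to already let those hosts reach port 80 directly.

```shell
#!/bin/sh
# Added example, not from the original thread. PROXY and LAN_IF come from the
# quoted rules; the EXEMPT addresses are constructed placeholders.
PROXY=192.168.10.12
LAN_IF=eth1
EXEMPT="192.168.10.21 192.168.10.22 192.168.10.23 192.168.10.24 192.168.10.25 192.168.10.26"

# Print the nat PREROUTING commands in the order they must be appended:
# one ACCEPT per exempt host first, the catch-all DNAT to the proxy last.
emit_prerouting_rules() {
    for ip in $EXEMPT; do
        host=${ip#192.168.10.}
        # Accept only 192.168.10.1-254 so nothing else reaches a command line.
        case $host in
            ''|*[!0-9]*|????*) echo "bad exempt address: $ip" >&2; return 1 ;;
        esac
        if [ "$host" -lt 1 ] || [ "$host" -gt 254 ]; then
            echo "bad exempt address: $ip" >&2; return 1
        fi
        echo "iptables -t nat -A PREROUTING -i $LAN_IF -s $ip -p tcp --dport 80 -j ACCEPT"
    done
    echo "iptables -t nat -A PREROUTING -i $LAN_IF ! -s $PROXY -p tcp --dport 80 -j DNAT --to-destination $PROXY:88"
}

# Report which target a new port-80 connection from source $1 hits, walking
# the emitted rules top to bottom the way the kernel does (first match wins).
first_match() {
    rules=$(emit_prerouting_rules) || return 1
    while read -r line; do
        case $line in
            *"! -s $1 "*) ;;                                  # negated source: rule skipped
            *" -s $1 "*"-j ACCEPT") echo ACCEPT; return 0 ;;  # exempt host: not redirected
            *"-j DNAT"*) echo DNAT; return 0 ;;               # everyone else: sent to proxy
        esac
    done <<EOF
$rules
EOF
    echo POLICY   # nothing matched (the proxy's own traffic): chain policy applies
}

# Print the commands for review; nothing is applied to the running firewall.
emit_prerouting_rules
```

After reviewing the printed commands, run them as root on the gateway in place of the single PREROUTING line from the original script.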
