On Thu, Oct 03, 2013 at 09:24:34AM +0200, Jiri Popelka wrote:
On 09/30/2013 05:42 PM, Jiri Popelka wrote:
> <direct>
> [ <rule ipv="ipv4" table="filter" chain="FORWARD_direct" priority="0"> -m mark ! --mark 1/1 -j NFQUEUE </rule> ]
Without the [ and ] (no idea how it got there).
So once again:
<?xml version="1.0" encoding="utf-8"?>
<direct>
  <rule ipv="ipv4" table="filter" chain="FORWARD_direct" priority="0">-m mark ! --mark 1/1 -j NFQUEUE</rule>
  <rule ipv="ipv4" table="nat" chain="PREROUTING_direct" priority="0">-p tcp --dport 80 -j DNAT --to 192.168.1.2:3129</rule>
  <rule ipv="ipv4" table="nat" chain="OUTPUT_direct" priority="0">-p tcp --dport 80 -m owner --gid-owner squid -j ACCEPT</rule>
  <rule ipv="ipv4" table="nat" chain="OUTPUT_direct" priority="1">-p tcp --dport 80 -m owner --uid-owner squid -j ACCEPT</rule>
  <rule ipv="ipv4" table="nat" chain="OUTPUT_direct" priority="2">-p tcp --dport 3129 -m owner --uid-owner squid -j ACCEPT</rule>
  <rule ipv="ipv4" table="nat" chain="OUTPUT_direct" priority="3">-p tcp --dport 80 -j REDIRECT --to-ports 3129</rule>
</direct>
--
Jiri
Sorry, top posted.
Has firewall.state been shipped yet?
Lance