From: /dev/rob0 <rob0@gmx.co.uk>
To: netfilter@vger.kernel.org
Subject: Re: transparent proxy
Date: Sat, 13 Mar 2010 04:05:05 -0600
Message-ID: <20100313100504.GA10986@minipax>
In-Reply-To: <4B9B4B03.7000708@chello.at>

On Sat, Mar 13, 2010 at 09:21:23AM +0100, Mart Frauenlob wrote:
> Amos Jeffries:
> > Please read the Squid FAQ examples of how to configure policy
> > routing ...
> >
> > Router:
> > http://wiki.squid-cache.org/ConfigExamples/Intercept/IptablesPolicyRoute
> >
> > Squid box:
> > http://wiki.squid-cache.org/ConfigExamples/Intercept/LinuxDnat
>
> I'd like to ask, if in the above examples, the ACCEPT rules need
> to be placed in the mangle table?
> Is there a specific reason, couldn't it be done in the filter
> table?
> As that would be the intended/preferred use for filtering?
> If so, don't the examples teach people 'bad manners'?

I think Mart is misunderstanding the effect of ACCEPT in mangle. It
does not override nor bypass the filter table. It merely means, "we
are done mangling this packet."

The MARK target is one of those sneaky non-terminating targets. A
mark is applied, and the packet continues in that particular chain.
Further -j MARK rules could be applied. The ACCEPT rule prevents
this.

--
Offlist mail to this address is discarded unless
"/dev/rob0" or "not-spam" is in Subject: header
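The distinction drawn in the message above, as an added example that is not part of the original post: a simplified Python model of rule traversal showing that MARK lets evaluation continue in the chain, while ACCEPT in mangle only stops further mangle rules and the filter table still gives its own verdict. The rule set, addresses and function names are constructed for illustration, and the model assumes one mangle chain followed by one filter chain.

```python
# Simplified model of iptables rule traversal (a sketch, not kernel code).
# A packet visits each table's chain in order; within a chain, rules run top-down.
NON_TERMINATING = {"MARK"}          # applies its effect, traversal continues in the chain

def matches(rule, pkt):
    """A rule matches when every field it specifies equals the packet's value."""
    return all(pkt.get(k) == v for k, v in rule["match"].items())

def run_chain(rules, pkt, policy="ACCEPT"):
    """Return the chain's verdict; MARK rules update pkt['mark'] along the way."""
    for rule in rules:
        if not matches(rule, pkt):
            continue
        if rule["target"] in NON_TERMINATING:
            pkt["mark"] = rule["set_mark"]
            continue                 # keep evaluating later rules in this chain
        return rule["target"]        # ACCEPT or DROP: done with this chain
    return policy

def traverse(tables, pkt):
    """Walk the tables in order. ACCEPT only ends the current chain;
    DROP in any table discards the packet."""
    pkt = dict(pkt, mark=0)
    for name, rules in tables:
        if run_chain(rules, pkt) == "DROP":
            return "DROP in " + name, pkt["mark"]
    return "ACCEPT", pkt["mark"]

# Constructed rules and addresses, for illustration only.
MANGLE = [
    {"match": {"dport": 80}, "target": "MARK", "set_mark": 1},
    {"match": {"dport": 80}, "target": "ACCEPT"},   # "done mangling this packet"
    {"match": {"proto": "tcp"}, "target": "MARK", "set_mark": 2},
]
FILTER = [{"match": {"src": "192.0.2.66"}, "target": "DROP"}]

def demo():
    web = {"proto": "tcp", "dport": 80, "src": "192.0.2.10"}
    blocked = dict(web, src="192.0.2.66")
    no_accept = [MANGLE[0], MANGLE[2]]               # same mangle rules minus the ACCEPT
    return {
        "with_accept": traverse([("mangle", MANGLE), ("filter", FILTER)], web),
        "without_accept": traverse([("mangle", no_accept), ("filter", FILTER)], web),
        "blocked_src": traverse([("mangle", MANGLE), ("filter", FILTER)], blocked),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(case, result)
```

With the ACCEPT in place the packet keeps mark 1; without it the later MARK rule overwrites the mark with 2; in both cases the filter table's DROP for the blocked source still applies.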