Prevent circumventing dansguardian with pf

Score:

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

From: Allen Theobald <allen_theobald2@...>

To: <misc@...>

Subject: Prevent circumventing dansguardian with pf

Date: Wednesday, April 25, 2007 - 11:05 am

Greetings!  Included below is my pf.conf set up to use 
dansguardian (proxyport 3128, filterport 8080)
and tinyproxy (listen port 3128) as a transparent 
proxy.

What changes do I need to make to keep someone on 
int_if/int_net from circumventing dansguardian
by changing their browser to point to 3128?

Thanks and take care,

Allen

------8<------cut here------8<------

ext_if="rl0"
int_if="xl0"
int_net="192.168.0.0/24"
proxy_server  =  "127.0.0.1"

tcp_services="{ 113 }"
icmp_types="echoreq"

set block-policy return
set skip on lo
scrub in

nat on $ext_if from !($ext_if) -> ($ext_if:0)
rdr on $int_if inet proto tcp 
   from $int_net 
   to any port www -> $proxy_server port 8080

block in

antispoof quick for { lo $int_if }

pass in inet proto icmp all icmp-type $icmp_types keep state
pass in on $ext_if inet proto tcp 
   from any 
   to ($ext_if) port $tcp_services flags S/SA keep state
pass on $int_if
pass out keep state
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

Prevent circumventing dansguardian with pf, Allen Theobald, (Wed Apr 25, 11:05 am)

Re: Prevent circumventing dansguardian with pf, Bryan Irvine, (Mon May 7, 9:31 pm)

Re: Prevent circumventing dansguardian with pf, Chad M Stewart, (Wed Apr 25, 1:29 pm)

Re: Prevent circumventing dansguardian with pf, Henning Brauer, (Fri May 4, 9:10 am)

Re: Prevent circumventing dansguardian with pf, Open Phugu, (Fri May 4, 9:26 am)

Re: Prevent circumventing dansguardian with pf, Joachim Schipper, (Fri May 4, 10:04 am)

Re: Prevent circumventing dansguardian with pf, Bret Lambert, (Fri May 4, 9:47 am)

Re: Prevent circumventing dansguardian with pf, Sebastian Benoit, (Fri May 4, 11:38 am)

Re: Prevent circumventing dansguardian with pf, Jeffrey C. Ollie, (Fri May 4, 10:37 am)

Re: Prevent circumventing dansguardian with pf, Henning Brauer, (Fri May 4, 9:42 am)

Re: Prevent circumventing dansguardian with pf, Antoine Jacoutot, (Fri May 4, 10:01 am)


linux-kernel:
Rafael J. Wysocki	2.6.28-rc3-git6: Reported regressions from 2.6.27
Rafael J. Wysocki	[Bug #11207] VolanoMark regression with 2.6.27-rc1
Matthew Wilcox	[PATCH] Fix boot-time hang on G31/G33 PC
Greg KH	[GIT PATCH] driver core patches against 2.6.24
git:
Jon Smirl	! [rejected] master -> master (non-fast forward)
Jon Smirl	Packfile can't be mapped
Sverre Rabbelier	Git vs Monotone
Shawn O. Pearce	libgit2 - a true git library
openbsd-misc:
Richard Stallman	Real men don't attack straw men
GVG GVG	ssh_exchange_identification: Connection closed by remote host
Douglas A. Tutty	OBSD's perspective on SELinux
Girish Venkatachalam	Ethernet jumbo frames?
linux-netdev:
Volker Armin Hemmann	build error with 2.6.27.6+reiser4+ehci-hub patch. ERROR: "mii_ethtool_gset" [drive...
Michael Grollman	Re: 8169 Intermittent ifup Failure Issue With RTL8102E Chipset in Intel's New D945...
Evgeniy Polyakov	[resend take 2 0/4] Distributed storage.
Krzysztof Halasa	Re: [PATCH v2] Re: WAN: new PPP code for generic HDLC


serial driver xmit problem	2 minutes ago	Linux kernel
Why Windows is better than Linux	2 minutes ago	Linux general
How can I see my kernel messages in vt12?	6 hours ago	Linux kernel
Grub	18 hours ago	Linux general
vmalloc_fault handling in x86_64	1 day ago	Linux kernel
epoll_wait()ing on epoll FD	1 day ago	Linux kernel
Framebuffer in x86_64 causes problems to multiseat	1 day ago	Linux kernel
Difference between 2.4 and 2.6 regarding thread creation	1 day ago	Linux general
Netfilter kernel module	1 day ago	Linux kernel
Compiling gfs2 on kernel 2.6.27	1 day ago	Linux kernel

Prevent circumventing dansguardian with pf

Online users