Jörg Harmuth harmuth at
Tue Aug 2 10:14:12 CEST 2005

bend chen wrote:
> hi, netfilter
> 	I manage some PCs; some can use my netfilter box to access the Internet, others can't.
> But I find some PCs have a proxy program installed (wingate\ccproxy...) to proxy some users' PCs' access to the Internet.
> How can I set my firewall to forbid users from using proxy programs?

If I understand correctly, you want to allow proxy access for some users
and other users are forbidden to use the proxy. If so, what about this:

Structure your network, put allowed users in one network segment and
forbidden users in a different segment. Then the following rules should
get you started.

iptables -P INPUT DROP
iptables -P FORWARD DROP

iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED \
   -j ACCEPT
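
# The start of the next rule is missing from the archived message; a source
# match on the allowed segment ($ALLOWED_NET, an assumed name) is used here.
iptables -A INPUT -s $ALLOWED_NET -p tcp \
   --dport $PROXY_PORT -j ACCEPT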
[Some other rules you need]

Finally I would like to suggest reading "man iptables" and this
excellent tutorial by Oskar Andreasson:

Good luck,
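
The check below is an added example, not part of the original message: it reads "iptables -S INPUT" output and confirms that the INPUT policy is DROP and that the proxy port is accepted only from the allowed segment. It assumes the segment is matched by source address (-s); the function name, port 3128 and 192.168.1.0/24 are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: audit an INPUT chain dump.
# Live use (as root): iptables -S INPUT | audit_proxy_input 3128 192.168.1.0/24
# Port 3128 and 192.168.1.0/24 are constructed sample values.

audit_proxy_input() {
    port=$1      # proxy port ($PROXY_PORT in the post)
    allowed=$2   # CIDR of the allowed segment (assumed to be matched with -s)
    awk -v port="$port" -v allowed="$allowed" '
    # Value after option opt in this rule ("" if absent, "!"-prefixed if negated).
    function optval(opt,    i) {
        for (i = 1; i < NF; i++)
            if ($i == opt) return ($(i - 1) == "!" ? "!" : "") $(i + 1)
        return ""
    }
    # True when a --dport value (single port or lo:hi range) covers the port.
    # A rule without --dport (or using multiport) is treated as covering it.
    function covers(spec,    r) {
        if (spec == "") return 1
        if (split(spec, r, ":") == 2)
            return (port + 0 >= r[1] + 0 && port + 0 <= r[2] + 0)
        return (spec + 0 == port + 0)
    }
    $1 == "-P" && $2 == "INPUT" { policy = $3; next }
    $1 == "-A" && $2 == "INPUT" && optval("-j") == "ACCEPT" {
        if (optval("-i") == "lo") next                        # loopback only
        if ($0 ~ /--(ct)?state / && $0 !~ /NEW/) next         # replies only
        proto = optval("-p")
        if (proto != "" && proto != "tcp") next               # proxy port is TCP
        if (!covers(optval("--dport"))) next                  # other port
        if (optval("-s") == allowed) { ok++; next }           # intended rule
        printf "FAIL: port %s reachable outside %s: %s\n", port, allowed, $0
        bad++
    }
    END {
        if (policy != "DROP") {
            print "FAIL: INPUT policy is " (policy == "" ? "unknown" : policy)
            bad++
        }
        if (!ok) { print "FAIL: no ACCEPT for port " port " from " allowed; bad++ }
        if (!bad) print "OK: port " port " accepted only from " allowed
        exit (bad ? 1 : 0)
    }'
}
```

The function exits non-zero on any finding, so it can gate a deployment script; rules that select the segment by interface (-i) instead of source address are reported as findings under the stated assumption.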


