Brian wrote:
> ipfwadm -I -a accept -P tcp -D thishost 80
Correct. It was a error in my previous post ;-)
> So now, i have squid answering on 3128, and my rules look like:
>
> IP firewall input rules, default policy: accept
> type prot source destination ports
> acc all anywhere anywhere n/a
> acc tcp anywhere constellation.shreve.net any -> www
> acc/r tcp anywhere anywhere any -> www => 3128
>
> (constellation.shreve.net is my squid machine)
>
> Should this avoid those infinite loops?
Yes. Now you have a rule that allows traffic throught to the local port
80 when requested. Always use -e option when printing firewall rules, as
the default format omits the interface names and other important
information (the first rule only matches packets on the loop-back
interface).
--- Henrik Nordström Sparetime Squid HackerReceived on Sun Feb 08 1998 - 10:55:42 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:38:49 MST