Firewall3 exclude multiple ip on redirect

@jow can you please help me transform the following firewall (shorewall) rule into firewall3?

REDIRECT loc:!, 1112 tcp 80 - !xx.yy.184.161,

So I want to redirect all loc traffic, except and (or a range?) to 1112 for www traffic (squid intercept), but with some destinations also to be excluded.
The current firewall3 options only allow you to add one exclusion, or at least the web interface only allows this.

config redirect
        option name 'squid'
        option target 'DNAT'
        option proto 'tcp'
        option src 'lan'
        option src_dport '80'
        option dest_ip ''
        option dest_port '1112'
        option dest 'lan'
        option src_dip '!xx.yy.184.161'

You can filter traffic by mark or with ipset.

Firewall configuration reference:

Shorewall syntax reference:

Example 4:
Redirect all locally-originating www connection requests to port 3128 on the firewall (Squid running on the firewall system) except when the destination address is

   REDIRECT loc    3128      tcp   www      -      !
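One way to apply the ipset suggestion to the redirect from the question, as an added example that is not part of the original thread. The set name `squid_bypass` and the addresses (documentation ranges) are constructed placeholders, and the fragment assumes a firewall3 build with ipset support that accepts `list entry`:

```uci
# /etc/config/firewall (fragment)

# Destinations that must NOT be sent to the Squid intercept port.
# Name and entries are hypothetical placeholders; replace with real hosts.
config ipset
        option name 'squid_bypass'
        option family 'ipv4'
        option storage 'hash'
        # Match on the packet's destination address
        option match 'dest_ip'
        list entry '192.0.2.10'
        list entry '192.0.2.11'
        list entry '198.51.100.25'

# The redirect from the question, with the single negated src_dip
# replaced by a negated ipset match ('!' inverts the match).
config redirect
        option name 'squid'
        option target 'DNAT'
        option proto 'tcp'
        option src 'lan'
        option src_dport '80'
        option dest_ip ''
        option dest_port '1112'
        option dest 'lan'
        # Redirect only when the destination is NOT in squid_bypass
        option ipset '!squid_bypass dest'
```

After reloading the firewall, `ipset list squid_bypass` shows whether the set was created with the expected members, and `iptables -t nat -S | grep squid_bypass` shows whether the redirect rule carries the negated set match.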
