Firewall3 exclude multiple ip on redirect

lucize · September 18, 2018, 2:37pm

@jow can you please help me transforming the following firewall (shorewall) rule in firewall3 ?

REDIRECT loc:!192.168.0.209,192.168.0.28 1112 tcp 80 - !xx.yy.184.161,aa.bb.21.32

so I want to redirect all loc traffic, except 192.168.0.209 and 192.168.0.28 (or a range ?) to 1112 for www traffic (squid intercept) but for some destination also to be excluded.
the current firewall3 options only allow you to add one exclusion or at least the web interface only allow this

config redirect
        option name 'squid'
        option target 'DNAT'
        option proto 'tcp'
        option src 'lan'
        option src_dport '80'
        option dest_ip '192.168.0.1'
        option dest_port '1112'
        option dest 'lan'
        option src_dip '!xx.yy.184.161'

vgaetera · September 18, 2018, 5:36pm

You can filter traffic by mark or with ipset.

Firewall configuration reference:

Shorewall syntax reference:
http://shorewall.net/manpages/shorewall-rules.html

Example 4:
Redirect all locally-originating www connection requests to port 3128 on the firewall (Squid running on the firewall system) except when the destination address is 192.168.2.2
   #ACTION  SOURCE DEST      PROTO DPORT   SPORT   ORIGDEST
   REDIRECT loc    3128      tcp   www      -      !192.168.2.2

system · October 31, 2018, 11:32pm

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.