From: Mike Kazantsev <mike_kazantsev@fraggod.net>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Restricting Firefox website access
Date: Sat, 17 Jan 2009 11:30:45 +0500 [thread overview]
Message-ID: <20090117113045.42c110ff@coercion> (raw)
In-Reply-To: <49bf44f10901162134o79953e71y393c6a340c398dbe@mail.gmail.com>
[-- Attachment #1: Type: text/plain, Size: 1116 bytes --]
On Fri, 16 Jan 2009 21:34:59 -0800
Grant <emailgrant@gmail.com> wrote:
> I think this leaves a squid proxy setup as my only option?
Sorry, I haven't noticed the fact that there are machines behind the
firewall that need to be restricted, and aforementioned rule certainly
won't do that.
Squid setup should certainly be a solid solution to the problem.
It should also save quite a lot of traffic and speed up browsing via
common cache.
You can actually disable nat on the firewall if there are no specific
software requiments that can't work with http proxy, which are quite
rare, with the exception of games and p2p software.
And since you're using gentoo you can also pass rsync traffic through
a proxy. Rsync (as well as wget and lots of other tools) will use proxy
automatically if RSYNC_PROXY (http_proxy/ftp_proxy for other apps,
lower- and uppercase) env var is set.
For squid to pass rsync traffic you'll need to specify rsync ports in
squid.conf, like this:
acl SSL_ports port 873 # rsync
acl Safe_ports port 873 # rsync
--
Mike Kazantsev // fraggod.net
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 197 bytes --]
next prev parent reply other threads:[~2009-01-17 6:33 UTC|newest]
Thread overview: 33+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-01-07 21:44 [gentoo-user] Restricting Firefox website access Grant
2009-01-07 21:54 ` Paul Hartman
2009-01-08 20:57 ` Kyle Bader
2009-01-09 18:40 ` Grant
2009-01-09 19:05 ` Alan McKinnon
2009-01-09 19:32 ` Grant
2009-01-09 20:58 ` Kyle Bader
2009-01-09 21:07 ` Nick Cunningham
2009-01-09 21:23 ` Alan McKinnon
2009-01-10 10:14 ` Peter Humphrey
2009-01-10 14:35 ` Matt Causey
2009-01-10 17:50 ` Grant
2009-01-10 19:35 ` Matt Causey
2009-01-10 5:18 ` Mike Kazantsev
2009-01-10 17:48 ` Grant
2009-01-11 2:05 ` Mike Kazantsev
2009-01-11 2:27 ` Grant
2009-01-13 19:33 ` Mick
2009-01-14 1:52 ` Mike Kazantsev
2009-01-17 5:34 ` Grant
2009-01-17 6:30 ` Mike Kazantsev [this message]
2009-01-17 9:50 ` Peter Humphrey
2009-01-17 8:47 ` Alan McKinnon
2009-01-17 18:12 ` Grant
2009-01-17 18:21 ` Alan McKinnon
2009-01-17 18:53 ` Matt Harrison
2009-01-17 18:24 ` Grant
2009-01-17 15:43 ` Stroller
2009-01-17 16:32 ` [gentoo-user] " Harry Putnam
2009-01-17 17:40 ` Grant
2009-01-17 19:02 ` Harry Putnam
2009-01-17 17:32 ` [gentoo-user] " Grant
2009-01-23 11:04 ` Matt Causey
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20090117113045.42c110ff@coercion \
--to=mike_kazantsev@fraggod.net \
--cc=gentoo-user@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox