Simple question, how do I use "owner UID match" as part of my rules or
macros? I see the location in rules for this information but the
format is not documented.
I''m currently running firehol and trying to map my configuration to
shorewall, I don''t have shorewall installed(no version installed) or
any shorewall configuration(no output from an uninstalled shorewall).
Firehol lacks V6 support and bringing up a V6 tunnel provides access
to my private web-server to even V4 hosts, nice. As Firehol has not
had an update in a vary long time I''ve decided to switch software.
There are several users(read as daemons) that I don''t want transparent
cache, this is part of the firehol config:
# Run a transparent cache?
SQUID_PORT="3128" # Leave empty to disable SQUID
# Users to be excluded from the cache
SQUID_USERS="debian-tor privoxy proxy apt-p2p"
SQUID_EXCLUDE="1.1.1.1" # Web Server IPs to be excluded from
the cache
# Setup a transparent squid, only if SQUID_PORT is set.
if [ ! -z "${SQUID_PORT}" ]
then
transparent_squid "${SQUID_PORT}" "${SQUID_USERS}"
\
inface "${HOME_MYIF}" src "${HOME_LAN}"
\
dst not "${SQUID_EXCLUDE} ${PRIVATE_IPS}"
fi
# Output
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
out_trproxy.1 tcp -- 0.0.0.0/0 0.0.0.0/0 tcp
spts:32768:61000 dpt:80
Chain out_trproxy.1 (1 references)
target prot opt source destination
RETURN all -- 0.0.0.0/0 1.1.1.1
RETURN all -- 0.0.0.0/0 10.0.0.0/8
RETURN all -- 0.0.0.0/0 169.254.0.0/16
RETURN all -- 0.0.0.0/0 172.16.0.0/12
RETURN all -- 0.0.0.0/0 192.0.2.0/24
RETURN all -- 0.0.0.0/0 192.88.99.0/24
RETURN all -- 0.0.0.0/0 192.168.0.0/16
RETURN all -- 0.0.0.0/0 0.0.0.0/0 owner UID
match 124
RETURN all -- 0.0.0.0/0 0.0.0.0/0 owner UID
match 123
RETURN all -- 0.0.0.0/0 0.0.0.0/0 owner UID match 13
RETURN all -- 0.0.0.0/0 0.0.0.0/0 owner UID
match 122
RETURN all -- 0.0.0.0/0 127.0.0.1
REDIRECT tcp -- 0.0.0.0/0 0.0.0.0/0 redir ports 3128
What would you suggest I type in the shorewall config file to make these rules?
------------------------------------------------------------------------------
Come build with us! The BlackBerry(R) Developer Conference in SF, CA
is the only developer event you need to attend this year. Jumpstart your
developing skills, take BlackBerry mobile applications to market and stay
ahead of the curve. Join us from November 9 - 12, 2009. Register now!
http://p.sf.net/sfu/devconference