Firewall configuration for a production Squid server

I found a lot of junk entries in the log, for example:

2013/05/20 23:48:23 kid12| WARNING: CONNECT method received on http Accelerator port 80

2013/05/20 23:48:23 kid12| WARNING: for request: CONNECT mxs.mail.ru:25 HTTP/1.0

2013/05/20 23:48:25 kid12| WARNING: CONNECT method received on http Accelerator port 80

2013/05/20 23:48:25 kid12| WARNING: for request: CONNECT proxylist.co:443 HTTP/1.1

Host: proxylist.co:443

Proxy-Connection: Keep-Alive

2013/05/20 23:48:56 kid12| WARNING: CONNECT method received on http Accelerator port 80

2013/05/20 23:48:56 kid12| WARNING: for request: CONNECT cas.sdo.com:443 HTTP/1.0

User-Agent: Mozilla/4.0

Host: cas.sdo.com:443

Content-Length: 0

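When the server went live, I turned the firewall off and restricted Squid to proxying only certain domains; requests from these users for anything else are denied.

Lately, going through the logs got annoying because there is too much in them, so I only want to open ports 80, 22 and 161. Note: my environment is a DELL server running CentOS 6.2; pay attention to the network interface name on your own machine.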

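# Flush all rules, delete user-defined chains and zero the counters
iptables -F
iptables -X
iptables -Z
iptables -F INPUT
# Keep loopback traffic and replies to connections this host opened
# (Squid's fetches from origin servers, DNS answers); without these,
# the DROP policy below also discards that return traffic
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allow HTTP (the Squid accelerator port), SSH and SNMP on em1
iptables -A INPUT -i em1 -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -i em1 -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -i em1 -p udp --dport 161 -j ACCEPT
# Drop everything else inbound, then persist the rules across reboots
iptables -P INPUT DROP
/etc/init.d/iptables save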
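
Added example (not part of the original post): a small shell helper for triaging the cache.log warnings quoted above, tallying which targets and ports the CONNECT requests ask the accelerator port to reach. The function names are hypothetical; the sample lines are the ones from the log excerpt above.

```shell
#!/bin/sh
# Summarise CONNECT probes logged by Squid on an accelerator port.

# Sample input: lines copied from the cache.log excerpt in the post.
sample_log() {
cat <<'EOF'
2013/05/20 23:48:23 kid12| WARNING: CONNECT method received on http Accelerator port 80
2013/05/20 23:48:23 kid12| WARNING: for request: CONNECT mxs.mail.ru:25 HTTP/1.0
2013/05/20 23:48:25 kid12| WARNING: CONNECT method received on http Accelerator port 80
2013/05/20 23:48:25 kid12| WARNING: for request: CONNECT proxylist.co:443 HTTP/1.1
Host: proxylist.co:443
Proxy-Connection: Keep-Alive
2013/05/20 23:48:56 kid12| WARNING: CONNECT method received on http Accelerator port 80
2013/05/20 23:48:56 kid12| WARNING: for request: CONNECT cas.sdo.com:443 HTTP/1.0
User-Agent: Mozilla/4.0
Host: cas.sdo.com:443
Content-Length: 0
EOF
}

# Print "count<TAB>host:port" per requested target, busiest first.
# Reads the files given as arguments, or stdin when there are none.
# The CONNECT token is located by scanning fields, so logs with or
# without the "kidN|" worker prefix are both handled.
connect_targets() {
    awk '
        /WARNING: for request: CONNECT / {
            for (i = 1; i < NF; i++)
                if ($i == "CONNECT") { seen[$(i + 1)]++; break }
        }
        END { for (t in seen) printf "%d\t%s\n", seen[t], t }
    ' "$@" | LC_ALL=C sort -k1,1nr -k2,2
}

# Print "count<TAB>port": the services the probes try to reach
# through the proxy (25 = SMTP relay attempts, 443 = tunnelling).
connect_ports() {
    connect_targets "$@" | awk -F'\t' '
        { n = split($2, a, ":"); ports[a[n]] += $1 }
        END { for (p in ports) printf "%d\t%s\n", ports[p], p }
    ' | LC_ALL=C sort -k1,1nr -k2,2n
}

sample_log | connect_ports
```

On a live server, pass the real log path instead of the sample, e.g. `connect_ports /var/log/squid/cache.log` (the path is an assumption; use the one set by `cache_log` in your squid.conf).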

