[Shorewall-newbies] REDIRECT rule

Sakthivel Subramanian sakthi at altair.com
Fri Feb 20 13:35:31 PST 2004

Thanks Tom,

That works fine. I also cannot believe that I missed the note at the top of the
rules file which answers my question exactly.

#       In most places where an IP address or subnet is allowed, you
#       can preceed the address/subnet with "!" (e.g., ! to
#       indicate that the rule matches all addresses except the
#       given. Notice that no white space is permitted between "!" and the
#       address/subnet.



-----Original Message-----
From: Tom Eastep [mailto:teastep at shorewall.net] 
Sent: Friday, February 20, 2004 4:19 PM
To: sakthi at altair.com; shorewall-newbies at lists.shorewall.net
Subject: Re: [Shorewall-newbies] REDIRECT rule

On Friday 20 February 2004 12:48 pm, Sakthivel Subramanian wrote:
> Hi,
> I am trying to redirect WWW from LAN to the SQUID proxy running on the
> firewall box except for certain destinations. I used the following
> rule and it works fine.
> # Redirect WWW access to proxy
> REDIRECT        loc     8080      tcp   www      -      !
> But I don't want to redirect if the www request is destined for three
> subnets on the eth0 interface (, 192168.2.0/24,
> These three subnets are defined as three zones in the
> zones file. How do I specify a subnet to exclude in the REDIRECT
> rule? I tried the following and it didn't work.
> # Redirect WWW access to proxy
> REDIRECT        loc     8080      tcp   www      -
> !,

REDIRECT loc 8080 tcp www - !,,

Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep at shorewall.net
