Dynamically updating iptables ipset to bypass squid.

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

Dynamically updating iptables ipset to bypass squid.

Eliezer Croitoru

I talked to a developer which uses dnsmasq and it seems to have an option to add resolved ip addresses into a linux ipset set.

So it is possible to dynamically add IP addresses of domains out of the proxy interception.

Ideally an ICAP service will be able to see the request and redirect the client using some 30X code to a request that will not be considered a loop.

And.. by the time the client will is being “redirected(maybe couple times) the client traffic will no be intercept era at all leaving the OS and the CPU to spend the right amount of resources.





Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: [hidden email]


squid-users mailing list
[hidden email]