I just installed Privoxy and Dansguardian to act as a proxy/content filtering service. The tutorial called for the rules below to be added to the UFW before.rules file /etc/ufw/before.rules:
-A ufw-before-output -m owner --uid-owner root -j ACCEPT
-A ufw-before-output -p tcp -m multiport --dports 80,443 -m owner --uid-owner privoxy -j ACCEPT
-A ufw-before-output -p tcp -m multiport --dports 80,443 -j DROP
-A ufw-before-output -o lo -p tcp -m tcp --dport 8118 -m owner --uid-owner dansguardian -j ACCEPT
-A ufw-before-output -o lo -p tcp -m tcp --dport 8118 -m owner --uid-owner bodhi -j ACCEPT
-A ufw-before-output -o lo -p tcp -m tcp --dport 8118 -j DROP
-A ufw-before-output -o lo -j ACCEPT
I assume this is to ensure all computers pointing to the proxy utilize the filtering/proxy services, but it disables any ability to ping, apt-get, and other services on the server itself. Thanks for any help you can provide in helping me figure out a way to allow the server to get updates and function while allowing clients to use the dansguardian/privoxy services.
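
A first-match model of the rules quoted above, added here as an example and not part of the original post or the tutorial: it reports which rule decides an outbound packet given its interface, protocol, destination port and owning user. The interface name eth0, the users _apt and www-data, and all sample packets are constructed assumptions.

```python
# Added example: models only the seven ufw-before-output rules quoted in the post.
# None in a rule field means the rule does not test that property.
RULES = [
    # (out_iface, proto, dports, uid_owner, target)
    (None, None,  None,      "root",         "ACCEPT"),  # rule 1
    (None, "tcp", {80, 443}, "privoxy",      "ACCEPT"),  # rule 2
    (None, "tcp", {80, 443}, None,           "DROP"),    # rule 3
    ("lo", "tcp", {8118},    "dansguardian", "ACCEPT"),  # rule 4
    ("lo", "tcp", {8118},    "bodhi",        "ACCEPT"),  # rule 5
    ("lo", "tcp", {8118},    None,           "DROP"),    # rule 6
    ("lo", None,  None,      None,           "ACCEPT"),  # rule 7
]

def verdict(out_iface, proto, dport, owner):
    """Return (rule_number, target) for the first matching rule.

    owner is the user owning the sending socket, or None for packets with
    no owning socket; the owner match never matches those. Returns
    (None, "CONTINUE") when no quoted rule matches and evaluation moves on
    to whatever rules follow in the chain.
    """
    for number, (r_if, r_proto, r_ports, r_uid, target) in enumerate(RULES, 1):
        if r_if is not None and r_if != out_iface:
            continue
        if r_proto is not None and r_proto != proto:
            continue
        if r_ports is not None and dport not in r_ports:
            continue
        if r_uid is not None and r_uid != owner:
            continue
        return number, target
    return None, "CONTINUE"

# Constructed sample packets: (out_iface, proto, dport, owner)
SAMPLES = [
    ("eth0", "tcp", 80, "root"),           # HTTP from a root-owned process
    ("eth0", "tcp", 80, "_apt"),           # assumption: fetch runs as an unprivileged user
    ("eth0", "tcp", 443, "privoxy"),       # the proxy reaching the web
    ("lo", "tcp", 8118, "dansguardian"),   # filter handing off to the proxy
    ("lo", "tcp", 8118, "www-data"),       # another local user trying the proxy port
    ("eth0", "icmp", None, "bodhi"),       # not covered by the quoted rules
]

if __name__ == "__main__":
    for pkt in SAMPLES:
        print(pkt, "->", verdict(*pkt))
```

A (None, "CONTINUE") result means the packet's fate is decided by rules outside the quoted set, so that is where to look next for such traffic.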