Background: As a Sysadmin in a school I have 2 computers standing in the library; which are only to be used for searching the library database which is located on a server (I have no idea where this server is, the main library in this town i think) So i have blocked all IP-addr except this one and the DNS IP.

This worked fine until yesterday, when the central IT department for all highschools in the county installed a proxy in their serverpark. I don't know what type of proxy it is they are running, but that doesn't matter much either since i don't have permission to do changes on it anyway.

I can authenticate on the proxy and get online, with the machines, but i have to allow traffic both INNPU and OUTPUT from the proxy, which means that the machines now can browse the entire web.

Is there any way I can filter this? huh
Since asking the IT department is of no use, even if they had taken the phone when i called them they would most likely just have broken everything... angry

Set default INPUT and OUTPUT policy to Reject.
Allow all traffic for local n/w to local n/w.
Allow traffic from local n/w [ source ] to Libray Server's IP [ destination ] for HTTP requests [ Output Chain ].
Allow trafiic from Library Server's IP [ source ] to local n/w [ destination ] for HTTP requests [ Input Chain ].

Find out iptables command for above and apply them.

~pratik

thanks, I'll test this right away