Firewall / Squid and possible security related issue.



  • Hi Guys,

    I think I've run into another problem with Squid and the Firewall this time.

    With Squid enabled as transparent proxy, I went into Firewall Rules and changed the default LAN Net policy to "block" and ensured all protocols etc were set to "any". I am now assuming that no one on my Lan will be able to access the internet.

    However, I was still able to access the internet etc. without any problems. As a matter of fact, I am doing so now with the block-any rule turned on!

    Now, when I turn off the squid service, revert the default LAN any rule to accept and then back to block, it works. I can no longer surf the internet and I get the Network Timeout error.

    I am assuming the firewall rules take precedence here. Please let me know your thoughts.

    Thanks

    Jits



  • I didn't Reset the Firewall State table after making such a change. Again, I'm assuming based on what I'm reading that I should have to effect changes a bit quicker than normal. Correct?



  • It's in your squid.inc that modifies the pf rules.

    You can edit your squid.inc in /usr/local/pkg/squid.inc and comment:
    $rules .= "#pass in quick on $iface proto tcp from any to !($iface) port 80 flags S/SA keep state\n";
    $rules .= "#pass in quick on $iface proto tcp from any to !($iface) port $port flags S/SA keep state\n";

    To show your current pf rules:

    pfctl -sr
    
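The two rules quoted above are `pass in quick` rules, and pf stops evaluating at the first matching quick rule, so they are consulted before the LAN block rule that comes later in the ruleset. The following is an added example, not code from this thread or from pfSense, that reproduces that evaluation order over a constructed `pfctl -sr` listing; the interface name em1 and the exact rule text are assumptions.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed, simplified `pfctl -sr` listing (not captured from a real box):
# two Squid transparent-proxy pass rules followed by a default LAN block rule.
SAMPLE_RULESET = """\
pass in quick on em1 proto tcp from any to ! (em1) port = 80 flags S/SA keep state
pass in quick on em1 proto tcp from any to ! (em1) port = 3128 flags S/SA keep state
block drop in log quick on em1 inet from 192.168.1.0/24 to any
pass in log quick on em1 inet proto tcp from 192.168.1.0/24 to any port = 22 flags S/SA keep state
"""

@dataclass
class Rule:
    index: int            # position in the ruleset (pf evaluates top to bottom)
    action: str           # "pass" or "block"
    quick: bool           # a matching quick rule ends evaluation immediately
    iface: str            # interface named after "on"
    port: Optional[str]   # destination port, or None when the rule has no port match
    text: str

def parse_rules(listing: str) -> List[Rule]:
    """Pull the fields this check needs out of each non-empty ruleset line."""
    rules = []
    for i, line in enumerate(l for l in listing.splitlines() if l.strip()):
        tok = line.split()
        iface = tok[tok.index("on") + 1] if "on" in tok else "any"
        m = re.search(r"\bport = (\S+)", line)
        rules.append(Rule(i, tok[0], "quick" in tok, iface, m.group(1) if m else None, line))
    return rules

def evaluate(listing: str, iface: str, dport: str) -> str:
    """pf semantics in miniature: the last matching rule wins, except that a
    matching 'quick' rule stops evaluation on the spot."""
    decision = "pass"  # pf's implicit default when nothing matches
    for r in parse_rules(listing):
        if r.iface != iface or (r.port is not None and r.port != dport):
            continue
        decision = r.action
        if r.quick:
            break
    return decision

def shadowing_pass_rules(listing: str, iface: str) -> List[Rule]:
    """List 'pass ... quick' rules on iface that sit above its first block rule;
    these are the rules that let traffic through despite a default block."""
    rules = parse_rules(listing)
    blocks = [r.index for r in rules if r.action == "block" and r.iface == iface]
    if not blocks:
        return []
    return [r for r in rules
            if r.action == "pass" and r.quick and r.iface == iface and r.index < blocks[0]]

def without_squid_rules(listing: str) -> str:
    """Constructed 'Squid disabled' variant: drop the proxy's port 80/3128 rules."""
    return "\n".join(l for l in listing.splitlines()
                     if "port = 80 " not in l and "port = 3128 " not in l)
```

Running `evaluate(SAMPLE_RULESET, "em1", "80")` returns "pass" while the same lookup on `without_squid_rules(SAMPLE_RULESET)` returns "block", which matches what the thread observed with Squid on and off.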

Locked