Firewall / Squid and possible security related issue.

jits

Hi Guys,

I think I've run into another problem with Squid and the Firewall this time.

With Squid enabled as transparent proxy, I went into Firewall Rules and changed the default LAN Net policy to "block" and ensured all protocols etc were set to "any". I am now assuming that no one on my Lan will be able to access the internet.

However, I was still able to access the internet, etc without any problems…matter-of-fact, I am doing so now with the block any rule turned on!

Now, when I turn off the squid service, revert the default LAN any rule to accept and then back to block, it works. I can no longer surf the internet and I get the Network Timeout error.

I am assuming the firewall rules take precedent here. Please let me know your thoughts.

Thanks

Jits

jits

I didn't Reset the Firewall State table after making such a change. Again, I'm assuming based on what I'm reading that I should have to effect changes a bit quicker than normal. Correct?

chudy

Its in your squid.inc that modifies the pf rules.

You can edit your squid.inc in /usr/local/pkg/squid.inc and comment:
$rules .= "#pass in quick on $iface proto tcp from any to !($iface) port 80 flags S/SA keep state\n";
$rules .= "#pass in quick on $iface proto tcp from any to !($iface) port $port flags S/SA keep state\n";

to show your current pf rules

pfctl -sr