Block All Ports and Only Allow HTTP(S)
I want to block all ports and only allow ports 80/443/53. I will open ports occasionally for my users when they have issues with Yahoo Instant Messenger, AIM, Skype, etc. I am in Afghanistan and I want to speed up browsing speeds, but not allow torrents, etc. I currently have Squid configured and we seem to be using it in transparent mode. Can anyone help me out with this?
danswartz last edited by
Under Firewall => Rules => LAN, you should see a single rule called "Default LAN => any". Add 2 rules allowing outbound access to tcp/80 and tcp/443. Then delete the default rule. You shouldn't need a rule for DNS if your LAN hosts are pointing at the pfSense itself, I don't believe, although if that turns out to be mistaken, you can then add tcp/53 and udp/53.
Okay, I made the change on the LAN side. I tested a Skype call and it still allowed it to go through. What can I use to verify that all of the traffic is being routed through HTTP?
kpa last edited by
Skype falls back to using port 80 outbound if you block other ports.
Yes, after viewing the advanced options in Skype I just realized this. I would like to view my Squid cache logs. How do I view my logs to ensure that traffic is going through Squid as well? I am able to view my Squid lightreport though.
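One way to check which LAN hosts and destination ports actually show up in Squid's access log, as an added example that is not part of the original thread. It assumes Squid's default "native" access.log format; the sample lines are constructed, and the log's location on the firewall is not given in the thread.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample lines in Squid's default "native" access.log format:
# time elapsed client action/status bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1300000000.101    120 192.168.1.10 TCP_MISS/200 5120 GET http://example.com/ - DIRECT/203.0.113.5 text/html
1300000001.202      3 192.168.1.10 TCP_HIT/200 2048 GET http://example.com/logo.png - NONE/- image/png
1300000002.303    450 192.168.1.11 TCP_MISS/200 900 CONNECT example.org:443 - DIRECT/203.0.113.9 -
1300000003.404     80 192.168.1.11 TCP_MISS/200 700 GET http://example.net:8080/feed - DIRECT/203.0.113.7 text/xml
this line is truncated
"""

DEFAULT_PORTS = {"http": 80, "https": 443}

def dest_port(method, url):
    """Return the destination port of a logged request, or None if unknown."""
    if method == "CONNECT":            # CONNECT is logged as "host:port", no scheme
        _, _, port = url.rpartition(":")
        return int(port) if port.isdigit() else None
    try:
        parts = urlsplit(url)
        return parts.port or DEFAULT_PORTS.get(parts.scheme)
    except ValueError:                 # malformed host or port in the URL
        return None

def summarize(lines):
    """Per-client totals: requests, cache hits, bytes and destination ports."""
    stats = defaultdict(lambda: {"requests": 0, "hits": 0, "bytes": 0, "ports": set()})
    for line in lines:
        f = line.split()
        if len(f) < 7 or "/" not in f[3] or not f[4].isdigit():
            continue                   # skip truncated or non-native lines
        client, action, size, method, url = f[2], f[3].split("/")[0], int(f[4]), f[5], f[6]
        s = stats[client]
        s["requests"] += 1
        s["bytes"] += size
        s["hits"] += "HIT" in action   # TCP_HIT, TCP_MEM_HIT, TCP_IMS_HIT, ...
        s["ports"].add(dest_port(method, url))
    return dict(stats)

if __name__ == "__main__":
    for client, s in sorted(summarize(SAMPLE_LOG.splitlines()).items()):
        print(client, s["requests"], "req", s["hits"], "hits", s["bytes"], "bytes",
              "ports", sorted(p for p in s["ports"] if p is not None))
```

To use it on real data, pass the lines of a copy of the access log to `summarize()`; a LAN host that is browsing but does not appear in the result has no requests recorded by Squid.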