Block All Ports and Only Allow HTTP(S)

  • I want to block all ports and only allow ports 80/443/53. I will open ports occasionally for my users when they have issues with Yahoo Instant Messenger, AIM, Skype, etc. I am in Afghanistan and I want to speed up browsing speeds, but not allow torrents, etc. I currently have Squid configured and we seem to be using it in transparent mode. Can anyone help me out with this?


  • Under Firewall => Rules => LAN, you should see a single rule called "Default LAN => any". Add 2 rules allowing outbound access to tcp/80 and tcp/443. Then delete the default rule. You shouldn't need a rule for DNS if your LAN hosts are pointing at the pfSense itself, I don't believe, although if that turns out to be mistaken, you can then add tcp/53 and udp/53.

  • Okay, I made the change on the LAN side. I tested a Skype call and it still allowed it to go through. What can I use to verify that all of the traffic is being routed through HTTP?

  • Skype falls back to using port 80 outbound if you block other ports.

  • Yes, after viewing the advanced options in Skype I just realized this. I would like to view my Squid cache logs. How do I view my logs to ensure that traffic is going through Squid as well? I am able to view my Squid lightreport though.
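
Added example (not part of any post in this thread, and not pfSense code): a small Python model of the LAN rule set discussed above, assuming top-down first-match evaluation with an implicit default deny, run over constructed flows to show why the Skype call still went through. The rule labels, the `Rule`/`evaluate`/`report` names, and the BitTorrent and Skype high-port numbers are constructed for illustration; the DNS rules are the optional tcp/53 and udp/53 ones mentioned in the reply.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str            # "pass" or "block"
    proto: Optional[str]   # "tcp", "udp", or None for any protocol
    dport: Optional[int]   # destination port, or None for any port
    label: str

    def matches(self, proto: str, dport: int) -> bool:
        return self.proto in (None, proto) and self.dport in (None, dport)


def evaluate(rules, proto, dport):
    """Return (action, label) of the first matching rule, else default deny."""
    for rule in rules:
        if rule.matches(proto, dport):
            return rule.action, rule.label
    return "block", "implicit default deny"


# The rule the thread says to delete.
DEFAULT_LAN = [Rule("pass", None, None, "Default LAN => any")]

# The rules the thread says to add (DNS rules are the optional ones).
RESTRICTED_LAN = [
    Rule("pass", "tcp", 80, "allow HTTP"),
    Rule("pass", "tcp", 443, "allow HTTPS"),
    Rule("pass", "tcp", 53, "allow DNS/tcp"),
    Rule("pass", "udp", 53, "allow DNS/udp"),
]

# Constructed sample flows: (description, protocol, destination port).
FLOWS = [
    ("web browsing", "tcp", 80),
    ("HTTPS", "tcp", 443),
    ("DNS lookup", "udp", 53),
    ("BitTorrent peer (constructed port)", "tcp", 6881),
    ("Skype direct (constructed high port)", "udp", 40000),
    ("Skype fallback over port 80", "tcp", 80),
]


def report(rules):
    """Map each sample flow to the verdict the rule set gives it."""
    return {name: evaluate(rules, p, d)[0] for name, p, d in FLOWS}


if __name__ == "__main__":
    for name, verdict in report(RESTRICTED_LAN).items():
        print(f"{verdict:5}  {name}")
```

The rule set matches only on protocol and destination port, so the Skype fallback flow is indistinguishable from web browsing at this layer.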

