Netgate Discussion Forum

    How to Block All Internet Traffic Not Handled by Squid/SquidGuard?

    • ddecjc

      I've got pfSense set up with Squid and SquidGuard, and I'm trying to set up a scenario where for a single IP address I can do the following:

      • block all non-HTTP/HTTPS traffic during night-time hours

      • allow access to a small set of white-listed websites during night-time hours

      • allow open access during daytime hours

      I think I can handle the Squid/SquidGuard setup for the HTTP/HTTPS rules (although I've read something about HTTPS issues that I don't fully understand yet). My big question is how to set up firewall rule(s) to handle the other non-HTTP stuff.

      Any help would be greatly appreciated!

      • marcelloc

        Allow access to squid port and deny any other connection.

        Transparent proxy does not handle HTTPS, so you need to fill in the proxy settings in the client browser.

        Elite Training: http://sys-squad.com

        Help a community developer! ;D

        • ddecjc

          Thanks for the reply. I'm very much a beginner at firewall rules, so I have a follow-up question. Do I want to block incoming packets on the WAN interface going to the selected IP address or outgoing packets on the LAN interface coming from the selected IP address?

          • marcelloc

            pfSense is a stateful firewall, so all rules are applied where communication begins.

            To restrict access from LAN users, create rules on the LAN interface.

            Elite Training: http://sys-squad.com

            Help a community developer! ;D
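
The rule layout described in the replies above, modelled as an added example (not part of the original thread and not pfSense code): first-match rules on the LAN interface let the restricted host reach only the Squid port at night and anything in the daytime. The host and LAN addresses, the 22:00 to 07:00 night window, and the use of Squid's default port 3128 are assumptions.

```python
from dataclasses import dataclass
from datetime import time
from ipaddress import ip_address
from typing import Optional

# Assumed values for illustration; none of them come from the thread.
HOST = ip_address("192.168.1.50")     # the single restricted LAN host
PROXY = ip_address("192.168.1.1")     # firewall LAN address where Squid listens
SQUID_PORT = 3128                     # Squid's default listening port
NIGHT = (time(22, 0), time(7, 0))     # schedule that wraps past midnight

def in_window(now, window):
    """True if `now` falls inside [start, end), including windows that cross midnight."""
    start, end = window
    if start <= end:
        return start <= now < end
    return now >= start or now < end

@dataclass
class Rule:
    action: str                       # "pass" or "block"
    src: Optional[object] = None      # None matches any value
    dst: Optional[object] = None
    dport: Optional[int] = None
    schedule: Optional[tuple] = None  # a scheduled rule is inactive outside its window

    def matches(self, src, dst, dport, now):
        if self.schedule and not in_window(now, self.schedule):
            return False
        return (self.src in (None, src) and self.dst in (None, dst)
                and self.dport in (None, dport))

# Rules on the LAN interface (where the host's connections begin),
# evaluated top-down; the first matching rule decides.
LAN_RULES = [
    Rule("pass", src=HOST, dst=PROXY, dport=SQUID_PORT),  # proxy is always reachable
    Rule("block", src=HOST, schedule=NIGHT),              # at night, nothing else
    Rule("pass"),                                         # default allow LAN to any
]

def evaluate(src, dst, dport, now, rules=LAN_RULES):
    for rule in rules:
        if rule.matches(src, dst, dport, now):
            return rule.action
    return "block"                    # nothing matched: implicit deny
```

In this model a direct connection to port 443 from the restricted host is blocked at night, so HTTPS only works through the proxy port, which matches the reply's advice to configure the proxy in the browser. The night-time whitelist itself would be enforced by SquidGuard, not by these firewall rules.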

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.