4. How to Block All Internet Traffic Not Handled by Squid/SquidGuard?

How to Block All Internet Traffic Not Handled by Squid/SquidGuard?

  • D

    I've got pfSense set up with Squid and SquidGuard, and I'm trying to set up a scenario where for a single IP address I can do the following:

    • block all non-HTTP/HTTPS traffic during night-time hours

    • allow access to a small set of white-listed websites during night-time hours

    • allow open access during daytime hours

    I think I can handle the Squid/SquidGuard setup for the HTTP/HTTPS rules (although I've read something about HTTPS issues that I don't fully understand yet). My big question is how to setup firewall rule(s) to handle the other non-HTTP stuff.

    Any help would be greatly appreciated!

    0

  • Allow access to squid port and deny any other connection.

    Transparent proxy does not handle https so you need to fill up proxy settings on client browser

    0
  • D

    Thanks for the reply. I'm very much a beginner at firewall rules, so I have a follow-up question. Do I want to block incoming packets on WAN interface going to the selected IP address or outgoing packets on LAN interface coming from the selected IP address?

    0

  • Pfsense os a statefull firewall, so all rules are applied where communication begins.

    To restrict access from lan users, create rules on lan interface

    0
Locked
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2018 Rubicon Communications, LLC | Privacy Policy