How to Block All Internet Traffic Not Handled by Squid/SquidGuard?
-
I've got pfSense set up with Squid and SquidGuard, and I'm trying to set up a scenario where for a single IP address I can do the following:
- block all non-HTTP/HTTPS traffic during night-time hours
- allow access to a small set of white-listed websites during night-time hours
- allow open access during daytime hours
I think I can handle the Squid/SquidGuard setup for the HTTP/HTTPS rules (although I've read something about HTTPS issues that I don't fully understand yet). My big question is how to set up firewall rule(s) to handle the other non-HTTP stuff.
Any help would be greatly appreciated!
-
-
Allow access to the Squid port and deny any other connection.
Transparent proxy does not handle HTTPS, so you need to fill in the proxy settings on the client browser.
-
Thanks for the reply. I'm very much a beginner at firewall rules, so I have a follow-up question. Do I want to block incoming packets on the WAN interface going to the selected IP address, or outgoing packets on the LAN interface coming from the selected IP address?
-
pfSense is a stateful firewall, so all rules are applied where communication begins.
To restrict access from LAN users, create rules on the LAN interface.