Blocking Users With Firewall with squid



  • I have a scenario where I have a bunch of customers on a 10.0.0.0/8 network that access the internet through my main pfSense firewall with squid installed (an old version). Anyhow, I made a few aliases with all my users that should be able to access the internet and changed the firewall rules so that everyone on the LAN is blocked by default, only allowing the users that I wish to access the internet (via the aliases).

    However, thanks to squid, the users who should not be able to access the internet are still able to browse the internet (albeit they can't do anything else but browse), but I want to be able to block these users from doing anything at all.

    Is there anything that can be done about this (like checking the firewall rules before redirecting traffic) or something?



  • Try adding rules on the LAN interface that block traffic to the 127.0.0.1 squid port. Or you could just block the LAN client from 127.0.0.1 altogether.



  • I'm having this same problem; will try what you recommended.

