Fw rules and squid problem
-
I have a (topmost) rule on LAN side that blocks any protocol from any source to particular IP destination (listed within an alias) on any port:
Proto Source Port Destination Port Gateway
* * * Attackers * *This rule is ignored however when squid is in transparent mode - when all traffic on port 80 is redirected to squid before reaching the "Attackers". Why? Shouldn't traffic from 127.0.0.1 to Attackers fall under rule above? I'm running pfsense 1.2RC2.
thanks.
-
firewall rules don't apply to traffic redirected to squid, it comes from the local machine.
-
Thanks for your reply. I modified squid inc file to not to forward traffic destined to Attackers alias so it will be filtered by the firewall.
Can you suggest where I can go to learn how traffic flows through pfsense and how packages like squid, snort, etc fit in?
thanks!
-
I'm not aware of anything that describes what you're after.
In a nutshell - firewall rules affect what can go where, except in cases where the traffic is redirected to a local daemon, because the traffic is then sourced from the firewall itself and your rules do not apply in that case.
I'd like to see an additional tab in the firewall rules page for traffic from localhost to other destinations, which would remove this limitation. Maybe something we'll see in a future release.