Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Squid3 allowed IPs instead the complete subnet?

    Cache/Proxy
    2
    2
    682
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      slu
      last edited by

      Hi,

      is there a way to allow only single IPs instead of the complete subnets?
      Only a few clients should have access to the internet.

      At the moment, without squid, I use firewall rules with aliases to allow the clients.

      slu

      pfSense Gold subscription

      1 Reply Last reply Reply Quote 0
      • kesawiK
        kesawi
        last edited by

        You can create a set of custom ACLs to control which clients can access the internet through squid. You need to create the following in the Custom ACLS (Before Auth) box under Advanced features in the squid proxy configuration:

        ## Allow internet access for specific LAN clients
acl internet_access_allowed src <ips and="" ip="" ranges="" to="" allow="" internet="" access="" for="">
http_access allow internet_access_allowed

## Allow access for pfSense firewall
http_access allow localhost

##Block internet access for all other LAN traffic
http_access deny all</ips>

        You may still need to use firewall rules for SSL traffic.

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.