Purchase Linux CDs / DVDs / Flash Drives at OSDisc.com

Welcome to Our Community

While Linux.org has been around for a while, we recently changed management and had to purge most of the content (including users). If you signed up before April 23rd, 2017 please sign up again. Thanks!

  1. Follow us on twitter - we shoot all of our new original content out as well as random messages. https://twitter.com/linuxdotorg
    Dismiss Notice

Proxy and Firewall : What a relationship of rules between them.

Discussion in 'Linux Security' started by Matheus Paz, Mar 14, 2019.

  1. Matheus Paz

    Matheus Paz New Member

    Joined:
    Mar 14, 2019
    Messages:
    1
    Likes Received:
    1
    Hello everyone.
    Next, in my corporate environment, I have a Squid proxy and a PfSense firewall.
    My Squid is running perfectly and my PfSense is also in separate HOST. Each one with its respective IP.
    The doubt is as follows, I have rules that release and deny certain sites.
    I had the need to create a rule that blocks full access to a group called "noaccess". In Squid the rule is at the top of everything:
    #ACL
    acl noaccess external noaccess
    ...
    #RULES
    1. http_access deny noaccess
    ....

    When accessing in the browser, setting proxy, because it is non-transparent, everything is virtually blocked, except the GMAIL and Banking Sites.


    (Log in to hide this advertisement)


    In my PFsense there are rules that grant access from any Source to the Aliases Destination that has several banking IPs and GMAIL sites.

    I would like someone to explain to me the relationship between SQUID PROXY and a PFSENSE Firewall.

    If I block a site in SQUID for everyone, and that same site is released in Firewall, which rule will be validated for the user?

    Is there a priority type of rule enforcement?

    I believe that maybe that's why even blocking in Squid, it gets to traffic, due to permission in Pfsense.Logo, is it necessary a "union" between Firewall and Proxy?

    I hope you give me a light. LOL



    Thanks in advance.
     
    wizardfromoz likes this.
  2. wizardfromoz

    wizardfromoz Super Moderator
    Staff Member Gold Supporter

    Joined:
    Apr 30, 2017
    Messages:
    2,534
    Likes Received:
    2,124
    G'day @Matheus Paz and welcome to linux.org :)

    I am moving this Thread to Security, where you may get the answers you seek.

    Good luck

    Chris Turner
    wizardfromoz
     

Share This Page