squid and it's config, a question

[bobc at sfcei.com]

I am looking to set up squid proxy for my lan, and think I have a
correct config to make sure the proxy is not open. I am asking the list
as opposed to the squid lists, as I prefer to ask the FBSD list first
when it is somewhat FBSD related. I will be running this on a FBSD 4.9
box. This box has two NICs in it, one connected to the router and one to
the lan.

After looking through the docs, I think I am correct in listing the
internal network 10.1.1.x 255.0.0.0 as such:

acl internal src 10.1.1.0/24
http_access deny !internal

I placed the above at the start of the file to jump right in and get this
set. And further into the squid.conf file the following:

#Recommended minimum configuration:
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 10.1.1.5/255.0.0.0
acl SSL_ports port 443 563
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443 563     # https, snews
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT

Here the squid server will be IP 10.1.1.5 255.0.0.0. I have no
references to localhost as 127.0.0.1r, and no references to the external
IP in this file anywhere. I am assuming, perhaps incorrectly which is
often the case for me :-), that this should be sufficient and safe from
being open to the world.

Thank you very much for your time and patience with this. And yes I did
RTFM, but I want to be sure as sometimes the FM is beyond me.
--
Bob

"Play is the work of children. It's very serious stuff. And if it's
properly structured in a developmental program, children can blossom."
-Bob Keeshan aka `Captain Kangaroo'