firewall/proxy question

Bart Silverstrim bsilver at
Mon Mar 12 17:57:39 UTC 2007

I am trying to find a way to stop some people on our network from  
accessing certain websites.  We have been using Squid with SquidGuard  
on an older FreeBSD system.

The Squid that was installed from ports doesn't seem to see https:  
connections.  From what I can find, this appears to be normal  
behavior since https: connections are encrypted.

Is there some way to set up ipfw to block access to port 443 if the  
URL/IP matches a certain address?  These users are bypassing our  
filter rules by accessing a proxy site that is using https.  The  
current ruleset on the box is
00049 allow tcp from <filter machine IP> to any
00050 fwd <filter machine IP>,3128 tcp from any to any 80
00100 allow ip from any to any via lo0
00200 deny ip from any to
00300 deny ip from to any
65000 allow ip from any to any
65535 deny ip from any to any

Can someone help with some suggestions?  Does the Linux firewall  
system have a similar way to block access to a particular IP if it  
were doing forwarding?  We were experimenting with a new proxy  
machine but it is running Ubuntu.


More information about the freebsd-questions mailing list