From: RW
To: freebsd-questions@freebsd.org
Date: Wed, 26 Sep 2007 02:32:28 +0100
Subject: Re: PF: block out port 80 so that not allow clients in LAN to browse Internet via port 80
Message-ID: <20070926023228.51a0855a@gumby.homeunix.com.>
In-Reply-To: <200709260015.36772.fbsd.questions@rachie.is-a-geek.net>

On Wed, 26 Sep 2007 00:15:36 +0200 Mel wrote:

> Well, he could block, but transparently doing it without annoying
> users is better(tm).

It depends.
If they are doing a lot of ftp downloading, you may want to force it to go through squid, so it can be cached. And you can't really do that in combination with http interception. There is also the issue with interception that https will bypass squid, which is a loophole if you want to monitor access, or block sites.
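
The two approaches discussed in this thread, as an added pf.conf sketch that is not part of the original message. The interface name, LAN range and Squid port are assumed values, and the syntax is the FreeBSD pf form with separate rdr rules.

```conf
# pf.conf fragment (added example, not from the thread).
# Assumed values: interface name, LAN range, Squid running on the gateway.
int_if     = "em1"              # LAN-facing interface (assumed)
lan_net    = "192.168.1.0/24"   # client subnet (assumed)
proxy_port = "3128"             # Squid listening port (assumed)

# --- Option A: transparent interception (shown commented out) -------------
# Port 80 is redirected into Squid without any client configuration.
# Nothing here touches 443 or 21, so https and ftp leave the LAN without
# being logged, filtered or cached by Squid.
# rdr on $int_if inet proto tcp from $lan_net to any port 80 -> 127.0.0.1 port $proxy_port
# pass in quick on $int_if inet proto tcp from $lan_net to 127.0.0.1 port $proxy_port keep state

# --- Option B: explicit proxy, direct web/ftp egress blocked --------------
# Clients are configured to use the gateway on $proxy_port for http, https
# and ftp, so all three are visible to Squid's ACLs and access log.
# Direct connections to 21, 80 and 443 are refused with a TCP RST, which
# makes a misconfigured client fail at once instead of hanging.
pass in quick on $int_if inet proto tcp from $lan_net to ($int_if) port $proxy_port keep state
block return-rst in quick on $int_if inet proto tcp from $lan_net to any port { 21, 80, 443 }
```

Load-check either variant with `pfctl -nf /etc/pf.conf` before applying it.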