I think there is an issue by blocking traffic to the internet (WAN) with ipfire 139. If i block internet access for a ip address in my LAN and web-proxy in green is active, port 80 is still open 
You can’t close port 80 with additional rules. Only deactivating of web-proxy helps. In older versions of ipfire, my rule works to block WAN for this specific machine in LAN.
I do not understand how that should have been working in the past. The proxy listens to port 800 (default) and not 80. You may run a transparent proxy and if you don’t use the MAC/IP filter list or any authentication for the proxy, every network member/client is allowed to use it. So this behaviour is totally normal.
Okay…good hint to block IP/MAC on web-proxy side. Yes, i have a transparent proxy. But this additional rule i haven’t used in the past. I just have to know it. 