Web Proxy Firewall Rules


I set up Squid and I have DHCP + DNS WPAD happening; my Mac gets the proxy settings automatically, which is good. URLFilter functions as it should.

So I now need to create firewall rules to drop any http/https queries ensuring that they do not bypass the proxy.

I think I have achieved this by creating firewall rules that block TCP/80 and TCP/443 from anywhere to anywhere.

And then I created outgoing firewall access rules that allow the firewall to connect to TCP/80 and TCP/443.

This is working, but I’m unsure if this is the correct way to do this? When I curl from terminal it times out so I assume that it is indeed blocking anything not through the proxy?

**Switched from drop to reject so curl tells me that the connection is rejected instead of hanging indefinitely so I think that is configured correctly?
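The curl check described above can be made repeatable. The script below is an added example, not part of the original post: it probes each URL once directly (ignoring any proxy environment variables) and once through the proxy, and uses curl's exit code to tell a REJECT (exit 7, connection refused) from a DROP (exit 28, timeout). `PROXY_URL`, the hostname `proxy.example.lan`, port 3128 and the function names are assumptions to replace with your own values.

```bash
#!/usr/bin/env bash
# Added example: confirm direct web egress is blocked and only the proxy path works.
# PROXY_URL and TIMEOUT are placeholders (assumptions); set them for your network.

PROXY_URL="${PROXY_URL:-http://proxy.example.lan:3128}"   # assumed Squid address/port
TIMEOUT="${TIMEOUT:-5}"                                   # seconds before a probe counts as dropped

# Map a curl exit code to what the firewall most likely did.
classify() {
  case "$1" in
    0)  echo "ALLOWED"   ;;  # connection completed
    7)  echo "REJECTED"  ;;  # refused/unreachable: a reject rule answered
    28) echo "DROPPED"   ;;  # timed out: packets silently discarded
    *)  echo "OTHER($1)" ;;  # DNS, TLS or other failure; inspect manually
  esac
}

# Connect with no proxy at all, ignoring http_proxy/https_proxy/all_proxy.
probe_direct() {
  local rc=0
  curl -s -o /dev/null --noproxy '*' --connect-timeout "$TIMEOUT" "$1" || rc=$?
  classify "$rc"
}

# Same request, explicitly through the proxy.
probe_proxy() {
  local rc=0
  curl -s -o /dev/null --proxy "$PROXY_URL" --connect-timeout "$TIMEOUT" "$1" || rc=$?
  classify "$rc"
}

# Succeed only if every direct probe is blocked and every proxied probe works.
check_all() {
  local url direct proxied fail=0
  for url in "$@"; do
    direct=$(probe_direct "$url")
    proxied=$(probe_proxy "$url")
    printf '%-30s direct=%-9s proxy=%s\n' "$url" "$direct" "$proxied"
    case "$direct" in REJECTED|DROPPED) ;; *) fail=1 ;; esac
    [ "$proxied" = "ALLOWED" ] || fail=1
  done
  return "$fail"
}

# Run the checks only when URLs are given on the command line.
if [ "$#" -gt 0 ]; then check_all "$@"; fi
```

Run it from a client behind the firewall with one HTTP and one HTTPS URL as arguments; a non-zero exit status means at least one direct request got out or a proxied request failed.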