My apologies, I sent this message to Rodo instead to the list. Damn. I will pay more attention to what I am doing in the future. My apologies also to Rodo for the double post.
---------- Forwarded message ---------- From: Carlo Fusco fusco.carlo@gmail.com Date: Wed, Sep 7, 2016 at 10:54 AM Subject: Re: wrong section in Squid network based access control To: "R. W. Rodolico" rodo@dailydata.net
On Tue, Sep 6, 2016 at 8:12 PM, R. W. Rodolico rodo@dailydata.net wrote:
Honestly, I do not know. Maybe we can get information from one of the developers? Unless you know for certain? It sounds like you have used the proxy a lot more than I have. Do you know for sure which way it works?
I am quite positive. If I check that box, it will write this on /var/ipfire/proxy/squid.conf
#Prevent internal proxy access from Blue except IPFire itself http_access allow IPFire_blue_network IPFire_blue_servers http_access deny IPFire_blue_network !IPFire_ips IPFire_servers
The code looks simple enough to me. The first line allows the blue network to access the blue IP space. The second line denies access to the rest of the network (IPFire_servers), which in my case is green and orange IP space. The exception is the IPFire machine itself (IPFire_ips) which is allowed.
Besides, the comment "Prevent internal proxy access from Blue except IPFire itself" looks to me quite clear.
If there are no objections, I would correct the text in the wiki.