Hi! I’m trying to achieve this configuration: essentially all the traffic in the network should pass the content filtering in the proxy, assume I have control over the clients. All not proxied traffic should be blocked by default.

I know not all network traffic can pass through proxy, but I’m not sure I understand how actually all of this work.

My UFW firewall configuration is the following:

To                         Action      From
--                         ------      ----
3128                       ALLOW OUT   Anywhere                  
53                         ALLOW OUT   Anywhere        

53 is for DNS requests (that cannot pass through the proxy), even if I use DOH this port needs to be open for bootstrapping.

3128 is Squid proxy port.

I’m assuming the following:

client -> dns request (53) / cannot be handled by the proxy -> dns response client -> proxy (all ports that the proxy can handle) -> http/https/ftp response client -> blocked (all other ports)

But from UFW logs it looks like the client is trying to make requests (eg. https requests) directly through port 443, instead that passing from 3128… Maybe I’m getting something wrong here on how Proxies work.

Do you have any suggestion?