If you want to prevent outgoing HTTP access from green IP address 192.168.100.1, you will need to do it in both Squid and iptables.
You will need to add the following command to the following file: /var/ipcop/proxy/acl. This command will need to be inserted in the right place in order to have the desired effect. You may need to post your acl file.
[code:1]acl blocked_host src 192.168.100.1
http_access deny blocked_host[/code:1]
Afterwards, you will need to restart the Proxy service from the Web GUI, as this copies the commands in the acl file into your squid.conf file.
You will need to add the following line to your /etc/rc.d/rc.local file:
[code:1]/sbin/iptables -A CUSTOMFORWARD -i $GREEN_DEV -s 192.168.100.1 -o $RED_DEV -p tcp --dport 80 -j DROP[/code:1]
I have Copfilter installed and enabled in transparent mode for the green network. Maybe this is the question?
Copfilter has two built-in HTTP proxy servers (Privoxy and HAVP). HAVP's main purpose is to perform virus scanning of HTTP data while Privoxy does a similar job to Squid. Copfilter causes all three proxies to work in a chain so that user HTTP requests first of all go to SQUID, then PRIVOXY and finally to HAVP.
Since Squid is the first proxy in the chain, the instructions I gave you should have worked if you put them in the right place in your /var/ipcop/proxy/acl file. You will need to look for the following line in your /var/ipcop/proxy/acl file.
[code:1]http_access allow IPCop_networks[/code:1]
Then make sure you insert the deny rule I gave you before this line like this:
[code:1]acl blocked_host src 192.168.100.1
http_access deny blocked_host
http_access allow IPCop_networks[/code:1]
In addition, you don't need the iptables rule I gave you because you are running the proxies in transparent mode. You could replace it with this rule instead,
[code:1]/sbin/iptables -A CUSTOMFORWARD -i $GREEN_DEV -s 192.168.100.1 -o $RED_DEV -j DROP[/code:1]
which blocks all IP access for the IP address in question. POP3 and SMTP will still work as long as the appropriate proxies for these protocols in Copfilter are enabled.
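
Added example, not part of the original posts: Squid applies the first http_access line that matches, so the deny only takes effect if it sits above `http_access allow IPCop_networks`. The script below checks that ordering in an acl file; the function names, the ACL name `blocked_host` and the sample file contents are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: verify http_access ordering in a Squid acl file.
# blocked_host is a hypothetical ACL name; the sample files are constructed.

# deny_precedes_allow FILE DENY_ACL [ALLOW_ACL]
# Returns 0 if "http_access deny DENY_ACL" comes before the first
# "http_access allow ALLOW_ACL" (or no such allow exists),
# 1 if the deny comes after the allow (it would never fire),
# 2 if the deny rule is missing, 3 if FILE is unreadable.
deny_precedes_allow() {
    file=$1 deny_acl=$2 allow_acl=${3:-IPCop_networks}
    [ -r "$file" ] || return 3
    awk -v d="$deny_acl" -v a="$allow_acl" '
        /^[ \t]*#/ { next }    # ignore comment lines
        $1 == "http_access" && $2 == "deny"  && $3 == d && !deny  { deny = NR }
        $1 == "http_access" && $2 == "allow" && $3 == a && !allow { allow = NR }
        END {
            if (!deny) exit 2
            if (allow && allow < deny) exit 1
            exit 0
        }' "$file"
}

# write_samples DIR: create two constructed acl files for the demo.
write_samples() {
    cat > "$1/good.acl" <<'EOF'
acl blocked_host src 192.168.100.1
http_access deny blocked_host
http_access allow IPCop_networks
http_access deny all
EOF
    cat > "$1/bad.acl" <<'EOF'
acl blocked_host src 192.168.100.1
http_access allow IPCop_networks
http_access deny blocked_host
http_access deny all
EOF
}

tmp=$(mktemp -d)
write_samples "$tmp"
for name in good bad; do
    rc=0
    deny_precedes_allow "$tmp/$name.acl" blocked_host || rc=$?
    echo "$name.acl: status $rc"
done
rm -rf "$tmp"
```

On a live system the same function can be pointed at /var/ipcop/proxy/acl before restarting the Proxy service.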