You need to block direct IP access for all clients using iptables. That way, clients will have to specify the IPCOP as their proxy server in order to access the internet.
You need to make changes to your rc.local file which is located in the following directory /etc/rc.d/
Add the following commands after the line containing "#!/bin/sh"
# Flush Custom Input Rules
/sbin/iptables -F CUSTOMINPUT
/sbin/iptables -F CUSTOMFORWARD
#bar access for all IPs
/sbin/iptables -A CUSTOMFORWARD -i $GREEN_DEV -s 0/0 -o $RED_DEV -j DROP
The above rules simply block direct access for all clients.
After editing rc.local, you can run it by typing "/etc/rc.d/rc.local".