The proxy is a versatile element.
Artica is often used as a web proxy and cache server, which means it acts as a gateway between internal users and external networks.
The local firewall is able to control the traffic that can access and pass through the proxy.
Adding firewall rules around the proxy service protects both the server itself and the network it serves.
If you have the Proxy service installed, you can view two proxy rules: one for incoming flows and one for outgoing flows.
These rules are special because they work in reverse: they block all transactions except those explicitly defined.
It should be noted that trusted networks have priority over these rules.
This means that these rules apply to all nodes that are not part of trusted networks.
The outgoing rule controls flows leaving the proxy.
You can control UDP and TCP traffic (mainly DNS and Web requests).
By default, the proxy can query all addresses on UDP port 53 and all addresses on ports 80 and 443.
If you wish to restrict it to specific networks, you can use the form [IP/CIDR]:[PORT], where [IP/CIDR] is an IP address (1.2.3.4), a network (1.2.3.0/24), or all addresses, written with the star character "*".
The incoming rule controls access to the proxy ports.
You can control TCP traffic (essentially requests from your users).
By default, the proxy allows access from the networks 192.168.0.0/16, 10.0.0.0/8 and 172.16.0.0/12.
If you wish to restrict access to specific networks, you can use the form [IP/CIDR], where [IP/CIDR] is an IP address (1.2.3.4) or a network (1.2.3.0/24).
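
The following is an added example, not Artica's own code: a small Python checker for reviewing a planned entry list before entering it, covering both the outgoing form [IP/CIDR]:[PORT] and the incoming form [IP/CIDR] with the default-deny behaviour described above. It assumes IPv4 only, ignores the TCP/UDP distinction and the trusted-networks override, and all function names are hypothetical.

```python
import ipaddress

# Defaults stated on this page: any address on ports 53, 80 and 443
# (outgoing) and the three private ranges (incoming).
DEFAULT_OUTGOING = ["*:53", "*:80", "*:443"]
DEFAULT_INCOMING = ["192.168.0.0/16", "10.0.0.0/8", "172.16.0.0/12"]


def parse_outgoing(entry):
    """Split '[IP/CIDR]:[PORT]' into (network, port); network is None for '*'."""
    host, sep, port = entry.strip().rpartition(":")
    if not sep or not host:
        raise ValueError(f"expected [IP/CIDR]:[PORT], got {entry!r}")
    if not port.isdecimal() or not 1 <= int(port) <= 65535:
        raise ValueError(f"invalid port in {entry!r}")
    if host == "*":
        return None, int(port)
    # strict=True rejects a network written with host bits set (1.2.3.4/24),
    # a common typo that would otherwise widen or shift the intended range.
    return ipaddress.IPv4Network(host, strict=True), int(port)


def outgoing_allowed(entries, dst_ip, dst_port):
    """Default deny: True only if some entry covers dst_ip on dst_port."""
    dst = ipaddress.IPv4Address(dst_ip)
    for net, port in map(parse_outgoing, entries):
        if port == dst_port and (net is None or dst in net):
            return True
    return False


def incoming_allowed(entries, src_ip):
    """Default deny: True only if src_ip is inside one of the listed networks."""
    src = ipaddress.IPv4Address(src_ip)
    nets = (ipaddress.IPv4Network(e.strip(), strict=True) for e in entries)
    return any(src in net for net in nets)


if __name__ == "__main__":
    # Constructed sample: restrict outgoing web traffic to one network.
    rules = ["*:53", "1.2.3.0/24:443"]
    for ip, port in [("1.2.3.77", 443), ("1.2.4.1", 443), ("9.9.9.9", 53)]:
        print(ip, port, "allowed" if outgoing_allowed(rules, ip, port) else "blocked")
    print("172.20.1.5", incoming_allowed(DEFAULT_INCOMING, "172.20.1.5"))
```
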