Hi Arne.F,

Arne.F wrote: July 18th, 2019, 6:40 am
The "policy" rules are intended to detect traffic from LAN to WAN that is from some programs (based on the user-agent string).
This connection runs via the proxy, so you see only the firewall as source.
If you don't want to block local programs, you should disable the matching "policy" rules.

We use IPFire 2.23 (x86_64) - Core Update 134. We only filter the "Red" interface (WAN) with Suricata.
If I understand correctly, the reason why our external IP address appears as "Source" is because it is our Squid proxy that makes the request.
I cannot whitelist our external IP address because I might miss a possible problem on our network. So I have to deal with the rules one by one when the blockage occurs...
So I don't understand whether only the source is concerned by the whitelist, or the two: source and destination?