I have a network that has internet service through a squid proxy with shorewall firewall . I manage the network 192.168.30.0/12 is for computers that have Internet access . But the team that are in the subnet 192.168.50.0/12 should not go out to any port , you must have all ports closed . I did the next .. Have within the params file the variable L_NOREG placing the subnet not want you to have Internet access : L_NOREG = " 192.168.50.0/12 " I have redirected port 80 to the LAN port to squid port 443 open and equal to the local network. ACCEPT loc : $ L_NOREG all tcp 80,8080,443 ACCEPT loc : $ L_NOREG net tcp 443 REDIRECT loc : 3018 tcp $ 80.8080 L_NONET Here I tell shorewall let me go all the local network to port 80 and 8080 ( squid ) exept the network that is registered in the variable L_NOREG When recharging these settings across the network goes down, and not let me out on port 80 and 443 and only 30.0 subnet should get out. I'll be doing wrong? My configuration file I Policy : loc ACCEPT loc loc all REJECT info net all DROP info fw all ACCEPT ------------------------------------------------------------------------------ CenturyLink Cloud: The Leader in Enterprise Cloud Services. Learn Why More Businesses Are Choosing CenturyLink Cloud For Critical Workloads, Development Environments & Everything In Between. Get a Quote or Start a Free Trial Today. http://pubads.g.doubleclick.net/gampad/clk?id=119420431&iu=/4140/ostg.clktrk