  1. #1
    slackrio
    Guest

    Firewall for Squid

    Hi all, I have been using Squid for a short time and have a few questions.
    My squid.conf looks like this:

    http_port 3128
    visible_hostname Servidor

    acl all src 0.0.0.0/0.0.0.0
    acl manager proto cache_object
    acl localhost src 127.0.0.1/255.255.255.255
    acl SSL_ports port 443 563
    acl Safe_ports port 80 # http
    acl Safe_ports port 21 # ftp
    acl Safe_ports port 443 563 # https, snews
    acl Safe_ports port 70 # gopher
    acl Safe_ports port 210 # wais
    acl Safe_ports port 1025-65535 # unregistered ports
    acl Safe_ports port 280 # http-mgmt
    acl Safe_ports port 488 # gss-http
    acl Safe_ports port 591 # filemaker
    acl Safe_ports port 777 # multiling http
    acl Safe_ports port 901 # SWAT
    acl purge method PURGE
    acl CONNECT method CONNECT

    http_access allow manager localhost
    http_access deny manager
    http_access allow purge localhost
    http_access deny purge
    http_access deny !Safe_ports
    http_access deny CONNECT !SSL_ports

    acl redelocal src 192.168.0.1/24
    http_access allow localhost
    http_access allow redelocal

    http_access deny all


    I am not sure how to build a firewall from scratch for Squid.

    My network:

    I have 2 network cards
    ETH0 = no IP
    ETH1 = 192.168.0.1 (DHCPD running)
    PPP0 = ADSL (pppoe.conf)

    Thanks
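    Squid evaluates http_access lines top to bottom and stops at the first match, so the LAN ACL must be allowed before the final deny all, and anything placed after deny all is never reached. The following lint script is an added example, not part of the thread; the two squid.conf fragments inside it are constructed samples, and the ACL name redelocal is taken from the question.

```shell
#!/bin/sh
# check_squid_access.sh: lint the http_access order of a squid.conf.
# Squid stops at the first matching http_access line, so a rule placed
# after "http_access deny all" is dead, and a LAN ACL that is not
# allowed before "deny all" locks every client out.

# List http_access lines that follow the first "http_access deny all".
# Exit status: 0 = nothing unreachable, 1 = unreachable rules found.
check_deny_all_last() {
    awk '
        $1 == "http_access" && $2 == "deny" && $3 == "all" { seen = 1; next }
        seen && $1 == "http_access" { print "unreachable: " $0; bad = 1 }
        END { exit bad ? 1 : 0 }
    ' "$1"
}

# Check that ACL "$2" is allowed somewhere before "http_access deny all".
# Exit status: 0 = allowed in time, 1 = never allowed (clients blocked).
check_acl_allowed() {
    awk -v acl="$2" '
        $1 == "http_access" && $2 == "deny" && $3 == "all" { exit found ? 0 : 1 }
        $1 == "http_access" && $2 == "allow" {
            for (i = 3; i <= NF; i++) if ($i == acl) found = 1
        }
        END { exit found ? 0 : 1 }
    ' "$1"
}

# Constructed sample: LAN allowed before deny all (the intended layout).
good_conf=$(mktemp)
cat > "$good_conf" <<'EOF'
acl redelocal src 192.168.0.0/24
http_access allow localhost
http_access allow redelocal
http_access deny all
EOF

# Constructed sample: deny all first, so the allow line is never reached.
bad_conf=$(mktemp)
cat > "$bad_conf" <<'EOF'
acl redelocal src 192.168.0.0/24
http_access deny all
http_access allow redelocal
EOF
trap 'rm -f "$good_conf" "$bad_conf"' EXIT

for conf in "$good_conf" "$bad_conf"; do
    echo "== $conf"
    check_deny_all_last "$conf" && echo "order ok"
    check_acl_allowed "$conf" redelocal && echo "redelocal is allowed before deny all"
done
```

Run it against a real squid.conf by passing the file path to the two functions; both only look at http_access lines, so the acl definitions and comments elsewhere in the file are ignored.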

  2. #2

    Re: Firewall for Squid

    Here are a few suggestions.

    http_port 192.168.0.1:3128
    visible_hostname Servidor
    acl redelocal src 192.168.0.0/24
    http_access allow redelocal # must come before "deny all", or nobody gets through
    http_access deny all

    # REDEINT = your internal network; the 10.x addresses below are the
    # values from this reply and must be adapted to your own hosts.
    REDEINT=192.168.0.0/24
    # iptables matches top to bottom: the ACCEPT rules for the internal
    # network go first, otherwise the DROP rules swallow everything.
    iptables -A INPUT -p tcp -s $REDEINT -d 10.124.1.5 --dport 3128 -m state --state NEW -j ACCEPT
    iptables -A INPUT -p tcp -s $REDEINT -d 10.124.1.5 --dport 3128 -j ACCEPT
    iptables -A INPUT -p udp -s $REDEINT -d 10.124.1.5 --dport 3128 -j ACCEPT
    iptables -A INPUT -p tcp ! -s $REDEINT --dport 3128 -j DROP
    iptables -A INPUT -p udp ! -s $REDEINT --dport 3128 -j DROP
    iptables -A INPUT -p tcp -d 10.101.1.0/24 --dport 3128 -j DROP
    iptables -A INPUT -p tcp -s 0/0 --dport 3128 -j DROP
    iptables -A INPUT -p udp -s 0/0 --dport 3128 -j DROP

    Regards
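A complete ruleset for the topology in the question (eth1 = LAN 192.168.0.0/24 with Squid on port 3128, ppp0 = ADSL uplink, eth0 unused), as an added example that is not part of the thread. It assumes those interface names and addresses; the script builds the rules as text so they can be reviewed and checked before they are applied, and it refuses to apply a ruleset that accepts the proxy port on the WAN side.

```shell
#!/bin/sh
# squid_firewall.sh: host firewall for a Squid box with two interfaces.
# Assumed layout (from the question): eth1 = LAN, ppp0 = ADSL, eth0 unused.
LAN_IF=eth1
WAN_IF=ppp0
LAN_NET=192.168.0.0/24
SQUID_PORT=3128

# Emit the ruleset as plain text. Policies are DROP for INPUT and FORWARD:
# the only way out of the LAN is through the proxy, and nothing on the
# ADSL side can reach the proxy port or the DHCP server.
build_rules() {
    cat <<EOF
iptables -F
iptables -t nat -F
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i $LAN_IF -s $LAN_NET -p tcp --dport $SQUID_PORT -m state --state NEW -j ACCEPT
iptables -A INPUT -i $LAN_IF -p udp --dport 67 -j ACCEPT
iptables -A INPUT -i $WAN_IF -p tcp --dport $SQUID_PORT -j LOG --log-prefix "squid-wan: "
iptables -A INPUT -i $WAN_IF -p tcp --dport $SQUID_PORT -j DROP
EOF
}

# True when some rule ACCEPTs the proxy port on the WAN interface.
squid_exposed_on_wan() {
    build_rules | grep -- "-i $WAN_IF" | grep -- "--dport $SQUID_PORT" | grep -q ACCEPT
}

# Count of policy lines; a complete ruleset sets all three chains.
policy_count() {
    build_rules | grep -c '^iptables -P'
}

# Apply the rules, stopping at the first failure (needs root).
apply_rules() {
    if squid_exposed_on_wan; then
        echo "refusing to apply: proxy port accepted on $WAN_IF" >&2
        return 1
    fi
    build_rules | sh -e
}

if [ "${1:-}" = "--apply" ]; then
    apply_rules
else
    build_rules
fi
```

Without arguments the script only prints the rules, so the ruleset can be read and diffed before `--apply` loads it. The DHCP rule deliberately has no `-s` match: discover packets come from 0.0.0.0, so a source-network restriction would break address assignment on the LAN. The LOG rule before the WAN DROP gives a kernel log line for every connection attempt at the proxy port from the ADSL side, which is the signal to watch for an exposed proxy.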