Thanks, I went with another, simpler solution so everybody on the WiFi network can operate easily without needing know-how of proxies and so on.
I gave in to a transparent proxy, so this part solves HTTP internet browsing, and for HTTPS I open port 443 on the firewall.
But since I needed some HTTPS sites blocked, and that will not happen with only the Squid rules, I set up a cron job that runs a batch script to grab all the IPs for a list of domains that I have; then, manually, in the firewall.postservice file I run the necessary iptables rules to block HTTPS access to those IPs. I managed to store those IPs in an ipset iphash that I created.
Now I just need a better way to do those iptables rules. I was thinking of something like:
accept everything to destination port 443 except to this IP list, but I can't find the right iptables syntax, so for now it is one rule for each IP.
This is how I create the set (iplist is the variable with all the IPs):
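# Create the set if it is missing, then empty it
# (destroy fails once an iptables rule references the set)
ipset -N Blacklist iphash -exist
ipset -F Blacklist
for ip in "${iplist[@]}"; do
    # -exist: do not fail on an IP that appears twice in the list
    ipset -A Blacklist "$ip" -exist
    echo "$ip"
done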
Then I know that to use this set I could use something like this with iptables: ... -m set --match-set Blacklist dst ...
But as I said, I don't know how to use it in the way I mentioned before... still doing more tests ;)
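The "accept port 443 except for this IP list" rule the post asks about, as an added example that is not part of the original post: it prints the ipset commands for an atomic refresh of the Blacklist set and the single iptables rule using a negated `--match-set`, so the output can be reviewed before being run as root. The FORWARD chain, the `Blacklist-tmp` set name, the function names and the sample addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: prints the commands instead of running them, so they can be
# reviewed before being executed as root.

# Constructed sample input (documentation-range addresses plus bad entries).
SAMPLE_IPS="203.0.113.10 198.51.100.7 203.0.113.10 not-an-ip 192.0.2.300"

# Succeed only for a dotted-quad IPv4 address with every octet in 0..255.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print ipset commands that fill a temporary set and swap it into place, so
# the live set keeps its old entries until the new list is complete.
# $1 = set name, remaining arguments = candidate IP addresses.
blacklist_commands() {
    set_name=$1; shift
    echo "ipset create $set_name hash:ip -exist"
    echo "ipset create ${set_name}-tmp hash:ip -exist"
    echo "ipset flush ${set_name}-tmp"
    printf '%s\n' "$@" | sort -u | while read -r ip; do
        if valid_ipv4 "$ip"; then echo "ipset add ${set_name}-tmp $ip"; fi
    done
    echo "ipset swap ${set_name}-tmp $set_name"
    echo "ipset destroy ${set_name}-tmp"
}

# Print the single rule: accept port 443 unless the destination is in the set.
# Assumes (not stated in the post) that the chain's policy or a later rule
# drops whatever is not accepted here.
https_rule() {
    echo "iptables -A $1 -p tcp --dport 443 -m set ! --match-set $2 dst -j ACCEPT"
}

# FORWARD is an assumed chain name for traffic routed from the WiFi clients.
blacklist_commands Blacklist $SAMPLE_IPS
https_rule FORWARD Blacklist
```

Because the rule refers to the set by name, the cron job only has to refresh the set; the iptables rule itself never needs to be rewritten when the IP list changes.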