
How to Add DNS Filtering to Your NAT Instance with Squid (2016) - remx
https://aws.amazon.com/blogs/security/how-to-add-dns-filtering-to-your-nat-instance-with-squid/
======
tyingq
Does this limit who can connect to it anywhere? It looks like it results in an
open proxy, albeit with limited destinations. Or maybe there's some "verify
peer" type functionality such that clients without the right cert are dropped?

~~~
0m1cr0n
When you set up an AWS EC2 instance (hosts the Squid server) you create
"Security Groups" -- effectively a virtual firewall. So unless the instance
operator configures an inbound 0.0.0.0 "accept" rule, it will probably be
filtered to only accept connections from other instances in your VPC.
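
An added example (not part of the thread or the AWS post): a check for the condition discussed above, flagging security group ingress rules that let addresses outside the VPC reach the proxy port. The input follows the shape returned by `aws ec2 describe-security-groups`; the group IDs, the VPC CIDR and the choice of port 3128 (Squid's default) are constructed assumptions.

```python
import ipaddress

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
SAMPLE = {"SecurityGroups": [
    {"GroupId": "sg-constructed-open", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3000, "ToPort": 4000,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-constructed-vpc", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3128, "ToPort": 3128,
         "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-constructed-all", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [],
         "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
    {"GroupId": "sg-constructed-ssh", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
]}

def covers_port(perm, port):
    """True if the rule admits TCP traffic to `port` ("-1" means all protocols)."""
    if perm["IpProtocol"] == "-1":
        return True
    if perm["IpProtocol"] not in ("tcp", "6"):
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)

def outside_vpc(cidr, vpc_cidr):
    """True if any address in `cidr` lies outside the VPC range."""
    net = ipaddress.ip_network(cidr, strict=False)
    vpc = ipaddress.ip_network(vpc_cidr)
    return net.version != vpc.version or not net.subnet_of(vpc)

def exposed_proxy_rules(doc, vpc_cidr, proxy_ports=(3128,)):
    """Return (group id, port, source CIDR) for each rule reaching the proxy from outside the VPC."""
    findings = []
    for sg in doc["SecurityGroups"]:
        for perm in sg.get("IpPermissions", []):
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for port in proxy_ports:
                if covers_port(perm, port):
                    findings += [(sg["GroupId"], port, c)
                                 for c in cidrs if outside_vpc(c, vpc_cidr)]
    return findings

if __name__ == "__main__":
    for finding in exposed_proxy_rules(SAMPLE, "10.0.0.0/16"):
        print(finding)
```

Rules that reference another security group (`UserIdGroupPairs`) instead of a CIDR are not evaluated here.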

