Re: NAT to a client

> client connects to squid, squid connects to web server; two separate
> unrelated connections (besides the fact that 1 inspires 2).  i
> understand that the number 3128 falls within the range 1024 - 65535; and
> if squid is configured to bind only to the internal interface, you'd
> have a 1/64511 chance of seeing a squid server use sport = 3128 and
> dport = 80 to fetch content from an origin web server, but it's not
> likely enough to deserve a dedicated filter rule, IMHO.

*nod*

I was very aware and would expect that there were two distinctly different TCP connections, even though the 2nd one is caused by the 1st one.  What I was not aware of is if Squid would send traffic to web servers from a known port and thus would be able to filter based on that.  I can't say as I'm surprised or disappointed by that fact.



Grant. . . .
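
The two-connection behaviour discussed in this message, as an added example that is not part of the original post: a loopback stand-in for the proxy accepts a client on its listening port, opens a second connection to a stand-in origin, and records the source port the kernel assigns to that second connection. The function name and both loopback servers are constructed for illustration, and the ports are OS-assigned rather than 3128 and 80.

```python
import socket
import threading


def observe_proxy_ports():
    """Relay one client through a loopback 'proxy' and report the ports used."""
    # Constructed stand-ins: 'origin' plays the web server, 'proxy' plays the
    # proxy's listening socket. Port 0 lets the OS pick free ports for both.
    origin = socket.create_server(("127.0.0.1", 0))
    proxy = socket.create_server(("127.0.0.1", 0))
    origin_port = origin.getsockname()[1]
    listen_port = proxy.getsockname()[1]
    seen = {}

    def origin_side():
        conn, peer = origin.accept()
        seen["sport_seen_by_origin"] = peer[1]  # what a filter in the path sees
        conn.close()

    def proxy_side():
        client, _ = proxy.accept()  # connection 1: client -> proxy
        # Connection 2: proxy -> origin. There is no bind() call here, so the
        # kernel assigns a source port unrelated to the listening port.
        upstream = socket.create_connection(("127.0.0.1", origin_port))
        seen["proxy_local_port"] = upstream.getsockname()[1]
        upstream.close()
        client.close()

    workers = [threading.Thread(target=origin_side),
               threading.Thread(target=proxy_side)]
    for w in workers:
        w.start()
    client = socket.create_connection(("127.0.0.1", listen_port))
    for w in workers:
        w.join(timeout=5)
    client.close()
    origin.close()
    proxy.close()
    return {"listen_port": listen_port, "origin_port": origin_port, **seen}


if __name__ == "__main__":
    print(observe_proxy_ports())
```
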

