LinuxQuestions.org
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Old 11-17-2009, 12:30 PM   #1
spatieman
Member
 
Registered: Jan 2004
Location: netherlands, europe, in a crapy house. xD
Distribution: openBSD
Posts: 52

filtering p2p with squid and iptables


I would like to kick some new life into this thread.
I have the same question, but I am running OpenBSD with Squid and NAT on int.

And yes, you don't need 3 GB for Squid; configuring Squid with 1 GB or less as storage for caching works, hell, even 0 MB works too, then it works as a filtering system..

So, anyone have an idea how to filter p2p stuff with Squid and eventually a firewall like iptables, and PF for OpenBSD??
 
Old 11-17-2009, 12:47 PM   #2
win32sux
Moderator
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,847

spatieman, I've moved your post to a thread of its own. The thread you posted in originally had been dead for well over a year. What solutions have you been looking at so far? It seems many of the projects that did this sort of thing are inactive.

Last edited by win32sux; 11-17-2009 at 12:48 PM.
 
Old 11-20-2009, 01:12 PM   #3
spatieman
Member
 
Registered: Jan 2004
Location: netherlands, europe, in a crapy house. xD
Distribution: openBSD
Posts: 52

Original Poster
win32sux, yes, I looked here, and didn't find a proper solution yet.

Till now, I have Squid running as it should be, with most of its default settings.
I set the cache size large enough (8 GB disk and 128 MB RAM).
Look especially at the Squid solution I made for McAfee SiteAdvisor.
All traffic not going over Squid is forced to the local webserver, which explains how to configure your browser for proxy usage.
In squid.conf I commented out (#) the line: acl Safe_ports port 1025-65535 # unregistered ports
so ports from 1025 and up should NOT go over the proxy, so this could block p2p and torrent stuff.
Not yet correctly tested, because of my $##^$#@@ lame HSDPA speed.
Also the ALTQ, dunno if it throttles the speed with Squid at the same time.

My pf.conf is the one below.

######## START CONFIG ##########
#
ext_if = "fxp0"
int_if = "rl0"
#
table <firewall> persist file "/etc/table/firewall.table"
#ut99 = "{ 7777,7778,27900 }"
table <bruteforce> persist

lan_deny = "{ 20,21,22,23,80,113,119,443,1080,5000,8000,8080 }"
local_net = "192.168.0.0/24"
ssh_ports = "{ 22 65530}"
im_ports = "{ 1863 5190 5222 }"

# machines
megazeul = "192.168.0.234"
a6000 = "192.168.0.224"
server2 = "192.168.0.254"
iphone_ton = "192.168.0.244"

#
set block-policy return
set loginterface $ext_if
set limit { frags 5000, states 2500 }
set state-policy if-bound
set optimization high-latency
set skip on lo
#
scrub in on $ext_if all fragment reassemble min-ttl 15 max-mss 1400
scrub in on $ext_if all no-df
scrub on $ext_if all reassemble tcp
#
# from LAN to INTERNET ext_if
altq on $ext_if priq bandwidth 1024Kb queue { std_out, ssh_im_out, dns_out, tcp_ack_out }
queue std_out priq(default)
queue ssh_im_out priority 4 priq(red)
queue dns_out priority 5
queue tcp_ack_out priority 6

# from INTERNET to LAN int_if
altq on $int_if cbq bandwidth 10Mb queue { std_in, ssh_im_in, dns_in, megazeul_in, a6000_in, server2_in, iphone_ton_in }
queue std_in bandwidth 7Mb cbq(default)
queue ssh_im_in bandwidth 200Kb priority 4
queue dns_in bandwidth 200Kb priority 5
queue megazeul_in bandwidth 80Kb cbq
queue a6000_in bandwidth 80Kb cbq
queue server2_in bandwidth 80Kb cbq
# per-host queue; named iphone_ton_in so the pass rule further down that references it resolves
queue iphone_ton_in bandwidth 80Kb cbq

nat on $ext_if from $int_if:network to any -> ($ext_if)
#
rdr on $ext_if proto tcp from any to any port { 25,110 } -> 192.168.0.254

# Squid issue with McAfee SiteAdvisor, temporary solution.
rdr on $int_if proto { tcp,udp } from any to dss1.siteadvisor.com port { 80,443 } -> 208.69.152.105
rdr on $int_if proto { tcp,udp } from any to dss2.siteadvisor.com port { 80,443 } -> 208.69.152.106
rdr on $int_if proto { tcp,udp } from any to any port $lan_deny -> 192.168.0.240

# filterrules for fxp0 inbound
block in on $ext_if all
block quick from <bruteforce>
block quick on $ext_if proto tcp from <firewall> to any port { 25,110 }
antispoof for $ext_if inet

pass inet proto tcp from any to $local_net port { 22, (SSH port colo XD) } flags S/SA keep state (max-src-conn 100, max-src-conn-rate 15/5, overload <bruteforce> flush global)

# filterrules for fxp0 outgoing
block out on $ext_if all
pass out on $ext_if inet proto tcp from (fxp0) to any flags S/SA keep state queue(std_out, tcp_ack_out)
pass out on $ext_if inet proto { udp icmp } from (fxp0) to any keep state
pass out on $ext_if inet proto { tcp udp } from (fxp0) to any port domain keep state queue dns_out
pass out on $ext_if inet proto tcp from (fxp0) to any port $ssh_ports flags S/SA keep state queue(std_out, ssh_im_out)
pass out on $ext_if inet proto tcp from (fxp0) to any port $im_ports flags S/SA keep state queue(ssh_im_out, tcp_ack_out)

# filter rules for rl0 inbound
block in on $int_if all
pass in on $int_if from $local_net
pass in on $ext_if inet proto tcp from any to 192.168.0.254 port { 25,110 } flags S/SAFR keep state

# filter rules for rl0 outbound int_if
block out on $int_if all
pass out on $int_if from any to $local_net
pass out on $int_if proto { tcp udp } from any port domain to $local_net queue dns_in
pass out on $int_if proto tcp from any port $ssh_ports to $local_net queue(std_in, ssh_im_in)
pass out on $int_if proto tcp from any port $im_ports to $local_net queue ssh_im_in
#
pass in on $int_if from any to $megazeul queue megazeul_in
pass in on $int_if from any to $a6000 queue a6000_in
pass in on $int_if from any to $server2 queue server2_in
pass in on $int_if from any to $iphone_ton queue iphone_ton_in
########## END CONFIG ############
EDITED the last 4 lines, from out to in....

Last edited by spatieman; 11-21-2009 at 06:03 AM.
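Squid's access.log is the place to see whether the Safe_ports change described in post #3 is actually denying high-port requests, which the poster says is not yet tested. The following is an added example, not code from this thread or from the Squid project: a small Python checker that parses Squid native-format access.log lines, works out the destination port of each request, tallies TCP_DENIED entries per port and per client, and flags any request to a port outside the Safe_ports list that was still served (which would mean the ACL is not taking effect). The log lines, hostnames, addresses and ports are constructed for the example; the SAFE_PORTS set reproduces the stock squid.conf Safe_ports entries with the 1025-65535 range removed, as the post describes.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample lines in Squid's native access.log format:
# timestamp elapsed client code/status bytes method URL ident hierarchy/peer type
# Hosts, addresses and ports below are made up for this example.
SAMPLE_ACCESS_LOG = """\
1258464000.101    12 192.168.0.234 TCP_MISS/200 5120 GET http://www.example.org/index.html - DIRECT/203.0.113.10 text/html
1258464001.455     0 192.168.0.234 TCP_DENIED/403 1456 CONNECT tracker.example.net:6969 - NONE/- text/html
1258464002.009     0 192.168.0.224 TCP_DENIED/403 1456 GET http://peer.example.net:51413/announce - NONE/- text/html
1258464003.732    88 192.168.0.224 TCP_MISS/200 2048 CONNECT www.example.com:443 - DIRECT/203.0.113.20 -
1258464004.300     0 192.168.0.244 TCP_DENIED/403 1456 CONNECT 198.51.100.7:4662 - NONE/- text/html
1258464005.010    40 192.168.0.254 TCP_MISS/200 900 GET http://peer.example.org:8081/ - DIRECT/203.0.113.30 text/html
"""

# Stock squid.conf Safe_ports entries, minus the "1025-65535 # unregistered ports" line.
SAFE_PORTS = {80, 21, 443, 70, 210, 280, 488, 591, 777}

LOG_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+"
    r"(?P<code>[A-Z_]+)/(?P<status>\d+)\s+(?P<bytes>\d+)\s+"
    r"(?P<method>\S+)\s+(?P<url>\S+)\s+(?P<ident>\S+)\s+(?P<hier>\S+)\s+(?P<type>\S+)$"
)


def dest_port(method, url):
    """Destination TCP port of a request: CONNECT carries host:port,
    other methods carry a URL whose port defaults to 80 (http) or 443 (https)."""
    if method == "CONNECT":
        return int(url.rsplit(":", 1)[1])
    parts = urlsplit(url)
    if parts.port is not None:
        return parts.port
    return 443 if parts.scheme == "https" else 80


def parse_line(line):
    """Parse one native-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["port"] = dest_port(rec["method"], rec["url"])
    rec["denied"] = rec["code"].startswith("TCP_DENIED")
    return rec


def summarize(log_text):
    """Tally denied requests per port and per client, and collect 'leaks':
    requests to a non-Safe_ports port that Squid served anyway."""
    denied_by_port = Counter()
    denied_by_client = Counter()
    leaks = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # unparseable or differently formatted line; skip it
        if rec["denied"]:
            denied_by_port[rec["port"]] += 1
            denied_by_client[rec["client"]] += 1
        elif rec["port"] not in SAFE_PORTS:
            leaks.append((rec["client"], rec["url"]))
    return {
        "denied_by_port": dict(denied_by_port),
        "denied_by_client": dict(denied_by_client),
        "leaks": leaks,
    }


if __name__ == "__main__":
    result = summarize(SAMPLE_ACCESS_LOG)
    print("denied per destination port:", result["denied_by_port"])
    print("denied per client:", result["denied_by_client"])
    for client, url in result["leaks"]:
        print("served despite non-safe port:", client, url)
```

Pointed at a real file (`summarize(open("/var/squid/logs/access.log").read())`), an empty `leaks` list together with a growing `denied_by_port` count on tracker-style ports is the evidence that the trimmed Safe_ports ACL is doing what the post intends; any entry in `leaks` means a request to an unregistered port got through and the `http_access deny !Safe_ports` line should be checked.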