diff --git a/host_vars/gw1.pyrocufflink.blue/squid.yml b/host_vars/gw1.pyrocufflink.blue/squid.yml
new file mode 100644
index 0000000..9642567
--- /dev/null
+++ b/host_vars/gw1.pyrocufflink.blue/squid.yml
@@ -0,0 +1,32 @@
+squid_acl:
+ localnet:
+ - 'src 10.0.0.0/8 # RFC 1918 local private network (LAN)'
+ - 'src 172.16.0.0/12 # RFC 1918 local private network (LAN)'
+ - 'src 192.168.0.0/16 # RFC 1918 local private network (LAN)'
+ - 'src fc00::/7 # RFC 4193 local private network range'
+ - 'src fe80::/10 # RFC 4291 link-local (directly plugged) machines'
+ SSL_ports:
+ - port 443
+ Safe_ports:
+ - 'port 80 # http'
+ - 'port 443 # https'
+ CONNECT:
+ - method CONNECT
+ fedora_repo:
+ - dstdomain mirrors.fedoraproject.org
+ - dstdomain dl.fedoraproject.org
+ google_fonts:
+ - dstdomain fonts.googleapis.com
+ - dstdomain fonts.gstatic.com
+
+squid_http_access:
+- 'deny !Safe_ports'
+- 'deny CONNECT !SSL_ports'
+- allow localhost manager
+- deny manager
+- deny to_localhost
+- allow localnet fedora_repo
+- allow google_fonts
+- deny all
+
+squid_cache_dir: []
diff --git a/hosts.gw b/hosts.gw
index bfd7ca0..d4c657c 100644
--- a/hosts.gw
+++ b/hosts.gw
@@ -9,3 +9,6 @@ gw1.pyrocufflink.blue [nut-monitor] gw1.pyrocufflink.blue
+
+[squid]
+gw1.pyrocufflink.blue
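Review bot: The `allow google_fonts` rule in `squid_http_access` carries no source ACL, so unlike `allow localnet fedora_repo` it matches a request from any client address that can reach the proxy port. On a gateway host that could include non-LAN interfaces, depending on where Squid listens and what the firewall permits, neither of which is visible in this diff. If that is not intended, scope it the same way as the Fedora rule: `- allow localnet google_fonts`. If it is deliberate, a one-line comment above the rule saying why the fonts domains are open to all sources would keep a later reader from "fixing" it or copying the pattern for a broader ACL.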