I've just installed squid3, set acl's to the local ip addresses I want to be able to use it and also filtered port 3128 in iptables.
Is it possible I can close this port completely on the external ip so it only binds to the local ip address instead of external?
If you have multiple ip addresses, you can bind squid to one of them. For example, if the local ip address is 192.168.0.1, then you can configure squid to listen only to this ip address by setting http_port directive like:
http://www.squid-cache.org/Versions/v3/3.3/cfgman/http_port.html