Perhaps a transparent squid proxy. Redirect the http requests to squid, and then block the sites there.

17. Interception Caching/Proxying

http://www.squid-cache.org/Doc/FAQ/FAQ-17.html


----- Original Message -----
From: "Corey Smith" <[EMAIL PROTECTED]>
To: "Daniel Walker" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>; "vladone" <[EMAIL PROTECTED]>
Sent: Friday, April 28, 2006 3:26 PM
Subject: Re: IPTABLES to IPFW for Packet Inspection Filtering


Daniel Walker wrote:
> IPTABLES allows for string matching. IPFW does not. I'll have to fire up my Ubuntu to do this.

AFAIK String match deny processing should be done using divert(4) sockets like natd. You use IPFW to divert outgoing DNS requests to your natd-like (userland) process. This process determines whether or not it contains your string and blocks the request/response if it does.

_______________________________________________
freebsd-ipfw@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
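
The decision step of the userland filter described in the quoted message, as an added example that is not code from the thread: it takes one raw IPv4 packet (the form a divert(4) socket delivers) and returns a verdict based on the DNS query name. The blocklist, the function names, the sample packets and the fail-open policy are assumptions for illustration; the divert socket read/reinject loop is left out. It also shows why a literal string match on "blocked.example" would miss: DNS encodes names as length-prefixed labels, not dotted text.

```python
import struct

BLOCKED = {"blocked.example"}  # constructed blocklist (assumption)

def sample_query(name):
    """Build a constructed IPv4/UDP DNS query packet (checksums left zero)."""
    q = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    dns = struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 0) + q + struct.pack("!2H", 1, 1)
    udp = struct.pack("!4H", 40000, 53, 8 + len(dns), 0) + dns
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes([192, 0, 2, 10]), bytes([192, 0, 2, 53]))
    return ip + udp

def dns_qname(pkt):
    """Return the lowercased query name of an IPv4/UDP packet to port 53, else None."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 17:
        return None                          # not IPv4 carrying UDP
    ihl = (pkt[0] & 0x0F) * 4                # IP header length in bytes
    udp = pkt[ihl:]
    if ihl < 20 or len(udp) < 20 or struct.unpack("!H", udp[2:4])[0] != 53:
        return None                          # need UDP header + DNS header, dport 53
    dns = udp[8:]
    if struct.unpack("!H", dns[4:6])[0] < 1:
        return None                          # QDCOUNT is zero: no question section
    labels, pos = [], 12                     # question starts after 12-byte header
    while pos < len(dns):
        n = dns[pos]                         # label length byte
        if n == 0:
            return ".".join(labels).lower()  # root label terminates the name
        if n > 63 or pos + 1 + n > len(dns):
            return None                      # compression pointer or truncated label
        labels.append(dns[pos + 1:pos + 1 + n].decode("ascii", "replace"))
        pos += 1 + n
    return None

def verdict(pkt, blocked=BLOCKED):
    """'drop' if the query name equals or is a subdomain of a blocked name.
    Unparseable packets pass (fail-open is an assumed policy choice)."""
    name = dns_qname(pkt)
    if name is None:
        return "pass"
    parts = name.split(".")
    # Compare whole-label suffixes so 'notblocked.example' does not match.
    hit = any(".".join(parts[i:]) in blocked for i in range(len(parts)))
    return "drop" if hit else "pass"
```

In a real filter, a "pass" packet is written back to the divert socket and a "drop" packet is simply not reinjected.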
