On 5/28/07, Simon Hobson <[EMAIL PROTECTED]> wrote: > You can't do that with a packet filter - you need to use a proxy that > understands the semantics of the HTTP protocol and can filter based > on the site name rather than the IP address.
Squid proxy + squidguard, or dans guardian. Use a whitelist of sites with a default deny and not a blacklist. Prasanna ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users