IPTABLES to IPFW for Packet Inspection Filtering
Matthew McGehrin
mcgehrin at reverse.net
Fri Apr 28 20:49:46 UTC 2006
Perhaps a transparent squid proxy. Redirect the http requests to squid,
and then block the sites there.
17. Interception Caching/Proxying
http://www.squid-cache.org/Doc/FAQ/FAQ-17.html
----- Original Message -----
From: "Corey Smith" <csmith at bonddesk.com>
To: "Daniel Walker" <dwalker at zbi.com>
Cc: <ipfw at freebsd.org>; "vladone" <vladone at spaingsm.com>
Sent: Friday, April 28, 2006 3:26 PM
Subject: Re: IPTABLES to IPFW for Packet Inspection Filtering
> Daniel Walker wrote:
>> IPTABLES allows for string matching. IPFW does not. I'll have to fire
>> up my Ubuntu to do this.
> AFAIK String match deny processing should be done using divert(4) sockets
> like natd. You use IPFW to divert outgoing DNS requests to your natd-like
> (userland) process. This process determines whether or not it contains
> your string and blocks the request/response if it does.
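
The inspection step of the divert(4) approach in the quoted reply, as an added example that is not part of the original thread: DNS carries names as length-prefixed labels, so the userland process has to decode the question name instead of searching the packet for a dotted string. The function names, the blocked-domain argument and the sample packet are assumptions constructed for illustration. On FreeBSD the buffer would come from `recvfrom()` on a divert socket, and the code assumes an unfragmented IPv4/UDP query.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Constructed sample: IPv4 + UDP to port 53 + DNS query for www.example.com. */
const uint8_t SAMPLE_QUERY[] = {
    0x45,0,0,0x3d, 0,0,0,0, 0x40,17,0,0, 192,0,2,1, 192,0,2,53,   /* IPv4    */
    0xc0,0x00, 0x00,0x35, 0x00,0x29, 0x00,0x00,                   /* UDP     */
    0x12,0x34, 0x01,0x00, 0,1, 0,0, 0,0, 0,0,                     /* DNS hdr */
    3,'w','w','w', 7,'e','x','a','m','p','l','e', 3,'c','o','m', 0,
    0,1, 0,1 };                                                   /* A, IN   */

/* Decode the question name into dotted form; -1 if malformed or compressed. */
static int dns_qname(const uint8_t *dns, size_t len, char *out, size_t outsz)
{
    size_t i = 12, o = 0;                 /* the DNS header is 12 bytes */
    if (len < 13) return -1;
    while (i < len && dns[i] != 0) {
        size_t l = dns[i++];
        if (l > 63 || i + l > len || o + l + 2 > outsz) return -1;
        if (o) out[o++] = '.';
        memcpy(out + o, dns + i, l);
        o += l; i += l;
    }
    if (i >= len) return -1;              /* root label terminator missing */
    out[o] = '\0';
    return 0;
}

/* 1 if pkt (raw IPv4) is a UDP DNS query for `blocked` or a subdomain, else 0. */
int dns_query_blocked(const uint8_t *pkt, size_t len, const char *blocked)
{
    char name[256];
    if (len < 20 || (pkt[0] >> 4) != 4) return 0;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;
    if (ihl < 20 || len < ihl + 8 || pkt[9] != 17) return 0;    /* not UDP */
    const uint8_t *udp = pkt + ihl;
    if (((udp[2] << 8) | udp[3]) != 53) return 0;              /* dst port */
    if (dns_qname(udp + 8, len - ihl - 8, name, sizeof name) != 0) return 0;
    size_t n = strlen(name), b = strlen(blocked);
    if (n < b || strcasecmp(name + n - b, blocked) != 0) return 0;
    return n == b || name[n - b - 1] == '.';   /* match on a label boundary */
}

int main(void)
{
    printf("%d\n", dns_query_blocked(SAMPLE_QUERY, sizeof SAMPLE_QUERY, "example.com"));
    return 0;
}
```

A daemon built around this would drop the packet when the function returns 1 and otherwise write it back to the divert socket with `sendto()` so it continues through the ruleset.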