From ipfilter Fri Dec 06 07:09:19 2002 From: Clayton Fiske Date: Fri, 06 Dec 2002 07:09:19 +0000 To: ipfilter Subject: Re: Filter question X-MARC-Message: https://marc.info/?l=ipfilter&m=103915905220073 On Fri, Dec 06, 2002 at 04:12:48PM +1100, grant beattie wrote: > On Fri, Dec 06, 2002 at 12:02:56AM -0500, Small, Jim wrote: > > > Is it possible to filter on domain names instead of/in addition to IPs? > > block out log quick on proto tcp from any to pornography.com > > > > I would like to mention that I *know* it would be slow. But let's say I'm > > stubborn and want to do it anyway! How would I setup such a configuration? > > Yes, the example you used will work. Note that the IP address lookup > is done at rule load time, not runtime. Also worth noting that this would block any other sites using that IP (vhosting is common). If he is concerned about web access specifically, my suggestion would be to set up ipnat to transparently redirect through squid and block offending URLs there. -c