On Friday 21 July 2006 10:04, Amish Mehta wrote: > This is an idea/method (with ip_conntrack as analogy). > And doesnt generally pertain to Linux. Many routers do protocol > (VPN, Skype, MSN etc) based "packet" filtering. Writing a code > for HTTP filtering and implementing it on chip is no big deal. > > I dont think it adds any kind of complexity. > a) Idea is capture packet on port 80. > b) Analyse "Host:" header. > c) Check acl > d) Block or pass.
I think traffic shapers already do that. But I think it is at packet level. These appliances can also block content very effectively. Some ISPs do have them while some dont :P -- Dinesh A. Joshi -- http://mm.glug-bom.org/mailman/listinfo/linuxers
