Rob Ogle wrote:
> I want to block users from getting to the internet with the exception of a
> handful of websites.
> I'm using:
> ACCEPT loc net:www.weather.com tcp 80

You can't do that with a packet filter - you need to use a proxy that understands the semantics of the HTTP protocol and can filter based on the site name rather than the IP address. Doing what you have, the name will be resolved to an IP address at the time the firewall is (re)started and will allow packets destined to that IP address. Note that a server may host many (tens, hundreds, even thousands) different websites and the rule will allow requests to any of them. Also, many large sites have multiple servers and I'm not sure how that is handled by Shorewall.

_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
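
The point made in the reply above, as an added example that is not part of the original post: a small Python model comparing an address-based rule resolved once at firewall start with a proxy-style check on the HTTP Host header. The DNS data is constructed (documentation address ranges), the function names are illustrative, and keeping every address seen at load time is an assumption, not a statement of what Shorewall does.

```python
# Constructed data: addresses are from documentation ranges, not real lookups.
DNS_AT_START = {
    "www.weather.com": ["192.0.2.10", "192.0.2.11"],
    "other-site.example": ["192.0.2.10"],  # hosted on the same server
}
DNS_LATER = {  # the allowed site has since moved one of its servers
    "www.weather.com": ["192.0.2.10", "198.51.100.7"],
    "other-site.example": ["192.0.2.10"],
}
ALLOWED_SITES = {"www.weather.com"}


def compile_packet_rule(hostname, dns_snapshot):
    """Resolve the name once, at rule-load time (assumed: keep every address)."""
    return frozenset(dns_snapshot[hostname])


def packet_filter_allows(rule_ips, dst_ip, dst_port):
    """A packet filter sees addresses and ports, never the site name."""
    return dst_port == 80 and dst_ip in rule_ips


def proxy_allows(allowed_sites, raw_request):
    """An HTTP-aware proxy can decide on the Host header of the request."""
    for line in raw_request.split("\r\n")[1:]:
        if not line:
            break  # end of headers
        name, _, value = line.partition(":")
        if name.strip().lower() == "host":
            return value.strip().lower().split(":")[0] in allowed_sites
    return False  # no Host header: refuse


def evaluate(site, dns_now, rule_ips, allowed_sites=ALLOWED_SITES):
    """Return (packet_filter_verdict, proxy_verdict) for a fetch of `site`."""
    dst_ip = dns_now[site][-1]  # the client uses one of the current addresses
    request = f"GET / HTTP/1.1\r\nHost: {site}\r\n\r\n"
    return (packet_filter_allows(rule_ips, dst_ip, 80),
            proxy_allows(allowed_sites, request))


if __name__ == "__main__":
    rule = compile_packet_rule("www.weather.com", DNS_AT_START)
    for label, site, dns in [("allowed site at start", "www.weather.com", DNS_AT_START),
                             ("co-hosted site", "other-site.example", DNS_AT_START),
                             ("allowed site after move", "www.weather.com", DNS_LATER)]:
        print(label, evaluate(site, dns, rule))
```

The co-hosted site passes the address rule but not the Host check, and the allowed site fails the address rule once its address changes after the rule was loaded.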
