"
hmm got bitten by nat order :)
nat is first, then filtering.
so my solution is a mix of firewall filter by fqdn and transparent web proxy (to have a way to collect the fqdn's).
- the web proxy is normal, no blacklist
- create one alias with the fqdn i need to block
- the nat rule for transparent proxy, is changed to do nat to all traffic except destination to my alias
- then the filter rule drop the traffic toward my alias
- and offcourse the nat can be done also by source IP
now kids have no escape :) mhuhahahaha mwuhahahaha
Cheers,
nat is first, then filtering.
so my solution is a mix of firewall filter by fqdn and transparent web proxy (to have a way to collect the fqdn's).
- the web proxy is normal, no blacklist
- create one alias with the fqdn i need to block
- the nat rule for transparent proxy, is changed to do nat to all traffic except destination to my alias
- then the filter rule drop the traffic toward my alias
- and offcourse the nat can be done also by source IP
now kids have no escape :) mhuhahahaha mwuhahahaha
Cheers,
