On Tuesday 2012-09-18 03:54, Julien Vehent wrote: > On 2012-09-17 18:30, Usuário do Sistema wrote: >> Hello everyone, >> >> it's possible to drop traffic to facebook with iptables Layer7 ? I >> have done some test with Squid but I found some difficult because I'm >> using Transparent Proxy so maybe it been more easy to drop with >> iptables layer7. >> >> any tips is welcome......as well as some how to.... >> >> > > iptables -t filter -I FORWARD -p tcp --dport 80 -m string --string "host: > facebook.com" --icase --algo bm -j DROP > > Of course, this won't work with HTTPS connections. And easily kills the connection whenever there's "host: facebook.com" in the payload. Like... this mail, when read through a web archive. -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
