On Friday 21 July 2006 10:04, Amish Mehta wrote:
This is an idea/method (with ip_conntrack as an analogy), and it doesn't generally pertain to Linux. Many routers do protocol (VPN, Skype, MSN etc.) based "packet" filtering. Writing code for HTTP filtering and implementing it on a chip is no big deal.
I don't think it adds any kind of complexity. a) The idea is to capture the packet on port 80. b) Analyse the "Host:" header. c) Check the ACL. d) Block or pass.
I think traffic shapers already do that. But I think it is at packet level. These appliances can also block content very effectively. Some ISPs do have them while some don't :P
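
The four steps listed in the message above (port 80, "Host:" header, ACL check, block or pass), written out as an added example that is not part of the original post or any product's code. The names `BLOCKED_HOSTS`, `extract_host`, `acl_blocks` and `verdict` and all sample hosts are assumptions made for illustration.

```python
# Added illustration: per-packet "Host:" filtering as outlined in the post.
# BLOCKED_HOSTS is a constructed ACL; the hosts in it are placeholders.
BLOCKED_HOSTS = {"blocked.example", "ads.example"}

METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ")


def extract_host(payload: bytes):
    """Return the normalised Host value from one TCP payload, or None."""
    if not payload.startswith(METHODS):
        return None                       # not the start of an HTTP request
    head, _, _ = payload.partition(b"\r\n\r\n")
    for line in head.split(b"\r\n")[1:]:  # skip the request line
        name, colon, value = line.partition(b":")
        if colon and name.strip().lower() == b"host":  # header names are case-insensitive
            host = value.strip().decode("ascii", "replace").lower()
            # Drop an optional :port suffix; a bare IPv6 literal ends in "]".
            if not host.endswith("]") and ":" in host:
                host = host.rsplit(":", 1)[0]
            return host.rstrip(".")       # "example.com." equals "example.com"
    return None


def acl_blocks(host: str) -> bool:
    """Match the host or any of its parent domains against the ACL."""
    labels = host.split(".")
    return any(".".join(labels[i:]) in BLOCKED_HOSTS for i in range(len(labels)))


def verdict(dst_port: int, payload: bytes) -> str:
    """Steps a) to d): port 80, Host header, ACL check, block or pass."""
    if dst_port != 80:
        return "pass"
    host = extract_host(payload)
    if host is None:
        # Per-packet inspection only: a header that spans TCP segments
        # needs stream reassembly (connection tracking) before matching.
        return "pass"
    return "block" if acl_blocks(host) else "pass"
```
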