Quote:
Originally Posted by acid_kewpie
Erm... why?? As nice an idea as it might seem to you, don't.
Because the other way to whitelist domains, using squid or other proxies, would need too much memory, so the VM it would run on would not leave space for the other 3 or 4 VMs that are required at the same time.
Quote:
If you already have a whitelist, why not just convert that into rule directly?
I do not yet, but the firewall rules would be per-destination IP (this is for parental control initially, more uses to follow), where the IPs are known in advance to be associated with youtube.com, yahoo.com and anotherdomain.com, say.
But youtube.com does not have just one IP. Even the list of IPs it has is variable. So domain-name rules are required instead. Firewalls cannot do such rules, so why not dynamically give them the per-IP rules they need, in response to DNS server lookups? There are even floppy Linuxes that can run a firewall and a DNS server on 24 MB of RAM.
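The DNS-driven approach described in the post above, as an added example that is not the poster's code: it reads dnsmasq-style "reply <name> is <addr>" log lines (constructed samples), keeps only answers for names that fall under an allowlisted domain, and emits one iptables accept rule per distinct IP for a default-drop chain. The chain name KIDS_OUT, the allowlist and the log lines are all assumptions.

```python
import re

# Constructed allowlist for the parental-control policy (hypothetical).
ALLOWED_DOMAINS = {"youtube.com", "yahoo.com", "anotherdomain.com"}

# Constructed log lines in the style of dnsmasq with log-queries enabled.
SAMPLE_LOG = """\
Jan  1 10:00:01 gw dnsmasq[512]: reply www.youtube.com is 203.0.113.10
Jan  1 10:00:01 gw dnsmasq[512]: reply www.youtube.com is 203.0.113.11
Jan  1 10:00:05 gw dnsmasq[512]: reply other.example is 198.51.100.7
Jan  1 10:00:09 gw dnsmasq[512]: reply notyoutube.com is 198.51.100.8
Jan  1 10:00:12 gw dnsmasq[512]: reply mail.yahoo.com is 203.0.113.20
Jan  1 10:00:12 gw dnsmasq[512]: reply www.youtube.com is 203.0.113.10
"""

# Matches the answer name and an IPv4 address at the end of the line.
REPLY_RE = re.compile(r"reply (\S+) is (\d{1,3}(?:\.\d{1,3}){3})$")

def domain_allowed(name, allowed=ALLOWED_DOMAINS):
    """True if name equals an allowed domain or is a subdomain of one.
    Matching on a label boundary keeps 'notyoutube.com' from passing
    as 'youtube.com'."""
    name = name.rstrip(".").lower()
    return any(name == d or name.endswith("." + d) for d in allowed)

def rules_from_log(log_text, allowed=ALLOWED_DOMAINS):
    """Collect (ip, name) pairs for answers to allowlisted names.
    Order follows first appearance; an IP answered twice yields one rule,
    which matters because one domain resolves to many addresses."""
    seen = {}
    for line in log_text.splitlines():
        m = REPLY_RE.search(line)
        if not m:
            continue
        name, ip = m.group(1), m.group(2)
        if domain_allowed(name, allowed) and ip not in seen:
            seen[ip] = name
    return list(seen.items())

def iptables_lines(pairs, chain="KIDS_OUT"):
    """Render the pairs as iptables commands for an allowlist chain whose
    policy drops everything else (chain name is hypothetical)."""
    return ["iptables -A %s -d %s -m comment --comment %s -j ACCEPT"
            % (chain, ip, name) for ip, name in pairs]
```

Because a domain's addresses change over time, a real deployment would also expire each rule when the answer's TTL runs out; dnsmasq's reply lines do not carry the TTL, so that needs the DNS answer itself or a fixed lease per rule.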