LinuxQuestions.org > Linux - Networking > iptables+squid
https://www.linuxquestions.org/questions/linux-networking-3/iptables-squid-378922/

alcor 11-01-2005 08:30 AM

iptables+squid
 
Well ... I read about iptables+squid to block msn+yahoo+radios. I can do it with iptables with 2 rules:
# INPUT only sees packets addressed to this host, so these match traffic from $filter to the gateway itself
/sbin/iptables -A INPUT -p TCP -s $filter -j DROP
/sbin/iptables -A INPUT -p UDP -s $filter -j DROP

where $filter is a list of servers to block.

With this I found that iptables doesn't block some domains ....

I tried with squid, doing:

# LAN clients
acl intra src 192.168.1.0/255.255.255.0
# MSN Messenger's HTTP transport
acl msn req_mime_type ^application/x-msn-messenger
# file of blocked server IPs, one per line
acl MSN-MESSENGER dst "sfilterip"
# a leading dot matches the domain and all its subdomains ('*.' is not dstdomain syntax)
acl msnd dstdomain .webmessenger.msn.com
acl msnd dstdomain .iloveim.com
# file of blocked domains, one per line
acl listamsn dstdomain "/etc/squid/sfilter"
acl yahoo dstdomain pager.yahoo.com
acl yahoo dstdomain shttp.msg.yahoo.com
acl yahoo dstdomain update.messenger.yahoo.com
acl yahoo dstdomain update.pager.yahoo.com

# http_access lines are checked top to bottom and the first match wins
http_access deny intra msn
http_access allow intra
http_access deny intra MSN-MESSENGER
http_access deny msnd
http_access deny intra listamsn
http_access allow localhost
http_access deny yahoo
http_access allow all

And nothing ...

So ... I want to see if I can block it but not block myself ;)

Any advice?
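
The http_access order in the post above is the likely reason Squid lets everything through: Squid evaluates http_access lines top to bottom and stops at the first match, so `http_access allow intra` on the second line admits every LAN client before the MSN, Yahoo and list denies are ever reached. The following is an added example, not the poster's config: the same ACLs with the denies moved ahead of the LAN allow, the iloveim entry written in dstdomain syntax (a leading dot matches the domain and its subdomains), an exemption for one admin host, which is what "block it but not block myself" calls for, and `deny all` at the end instead of `allow all` so requests from outside the LAN are refused. The admin address 192.168.1.5 and the /etc/squid/ file paths are assumptions. Squid only sees traffic the clients send to the proxy; MSN Messenger's native protocol on TCP 1863 goes straight to the gateway and has to be stopped with iptables, not with these ACLs.

```conf
# Added example, not the poster's config. Paths and the admin host are assumptions.
acl intra src 192.168.1.0/24
acl localhost src 127.0.0.1/32
# assumed: the one LAN host that must not be blocked
acl admin src 192.168.1.5
acl msn req_mime_type ^application/x-msn-messenger
# blocked server IPs, one per line (assumed path)
acl msnip dst "/etc/squid/sfilterip"
acl msnd dstdomain .webmessenger.msn.com .iloveim.com
# blocked domains, one per line
acl listamsn dstdomain "/etc/squid/sfilter"
acl yahoo dstdomain pager.yahoo.com shttp.msg.yahoo.com
acl yahoo dstdomain update.messenger.yahoo.com update.pager.yahoo.com

# First matching http_access line wins: exemptions first, then the denies,
# and only then the general allow for the LAN.
http_access allow localhost
http_access allow admin
http_access deny intra msn
http_access deny intra msnip
http_access deny intra msnd
http_access deny intra listamsn
http_access deny intra yahoo
http_access allow intra
http_access deny all
```

Check the result with `squid -k parse` before reloading, and test from a LAN host with `curl -x <proxy>:3128 http://webmessenger.msn.com/` expecting a 403 while the admin host still gets through.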

peter_robb 11-02-2005 05:13 PM

Depending on your setup, if your proxy is transparent, you will need some DNAT or REDIRECT rules to force traffic into the proxy.
Packets going from clients will have an external ip destination address in them.
Rules will need to be interface specific and specify checking the destination address, e.g.
-A INPUT -i eth0 -p tcp -d $filter -j DROP

For clients that are set to use the proxy on, say, port 8080, they will have a local address as the destination address, so squid will have to send to the external ip address.
You can filter in the OUTPUT chain as above:
-A OUTPUT -o eth1 -p tcp -d $filter -j DROP

I can't comment on the squid rules because I use Dansguardian to do url/content filtering:
www.dansguardian.org
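
The chain to filter in depends on whether the gateway forwards a client's packet or Squid re-originates the connection, and with a transparent proxy the REDIRECT happens in nat PREROUTING before the filter chains see the packet. Below is an added example, not from the thread, that emits the rule set for that layout as a POSIX sh script. It assumes the LAN is 192.168.1.0/24 on eth0, the Internet is on eth1, Squid runs on the gateway as an intercepting proxy on port 3128, and the block list arrives on stdin as one IP or CIDR per line; by default it prints the iptables commands instead of running them (set IPT=/sbin/iptables and run as root to apply). The sample block-list addresses are constructed documentation addresses, not real MSN or Yahoo servers.

```shell
#!/bin/sh
# Added example, not from the thread: generate iptables rules for a gateway that
# runs a transparent Squid and also drops direct connections to blocked servers.
# Assumptions (override via environment): LAN 192.168.1.0/24 on eth0, WAN on
# eth1, Squid intercepting on port 3128 on this host. IPT defaults to a dry run
# that prints the commands; set IPT=/sbin/iptables and run as root to apply.

LAN_IF="${LAN_IF:-eth0}"
WAN_IF="${WAN_IF:-eth1}"
LAN_NET="${LAN_NET:-192.168.1.0/24}"
PROXY_PORT="${PROXY_PORT:-3128}"
IPT="${IPT:-echo iptables}"

# Read a block list from stdin (one IP or CIDR per line, '#' comments allowed)
# and emit one DROP per address and protocol in two chains:
#   FORWARD: clients talking directly through the gateway (MSN on 1863 etc.)
#   OUTPUT:  connections Squid opens on the clients' behalf, which carry the
#            gateway's own source address and never traverse FORWARD
block_destinations() {
    sed -e 's/#.*//' -e '/^[[:space:]]*$/d' | while read -r dst; do
        for proto in tcp udp; do
            $IPT -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -p "$proto" -d "$dst" -j DROP
            $IPT -A OUTPUT -o "$WAN_IF" -p "$proto" -d "$dst" -j DROP
        done
    done
}

# Steer LAN HTTP into Squid. Only port 80: a plain REDIRECT cannot intercept
# HTTPS, so 443 and non-HTTP protocols rely on the FORWARD drops above.
# After this nat rule the packet is addressed to the gateway, so it goes to
# INPUT, not FORWARD; Squid's http_access ACLs decide what happens next.
redirect_http_to_proxy() {
    $IPT -t nat -A PREROUTING -i "$LAN_IF" -s "$LAN_NET" -p tcp --dport 80 \
        -j REDIRECT --to-ports "$PROXY_PORT"
}

# NAT for whatever the LAN is still allowed to send out directly.
masquerade_lan() {
    $IPT -t nat -A POSTROUTING -o "$WAN_IF" -s "$LAN_NET" -j MASQUERADE
}

# Full rule set; the block list is taken from stdin.
build_ruleset() {
    block_destinations
    redirect_http_to_proxy
    masquerade_lan
}

# Constructed sample block list (documentation addresses, not real servers).
build_ruleset <<'EOF'
# blocked messenger servers
203.0.113.10
198.51.100.0/24
EOF
```

Apply it with `IPT=/sbin/iptables sh blockrules.sh < /etc/blocklist` as root. The script does not flush existing rules, and the DROP lines only work if they sit before any ACCEPT in FORWARD and OUTPUT, so load them into empty chains or use `-I` instead of `-A` on a live box. Traffic redirected into Squid is not touched by these DROPs at all; Squid's own ACLs govern it, which is why the OUTPUT rules matter: when Squid fetches a blocked server for a client, that connection leaves eth1 with the gateway's source address.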
