I have setup a layer 7 firewall rule to place certain ip addresses in a address-list.
Logically it is : If ip is in address_list_filter and webpage matches address_list_block then route to web proxy on port 8080.
Web proxy is set to block all. If ip is in address_list_filter and webpage does not match address_list_block then passthrough do not route to proxy.
This does not seem to work. It is as if it never looks at the layer7-protocol. Anyone have any ideas?
Here is my Nat rule:
;;; Kid Friendly Web Proxy
chain=dstnat action=redirect to-ports=8080 protocol=tcp src-address-list=kid_friendly_dns dst-address-list=""