I've mentioned in the forum and to a couple of you by email that I'm waiting until the next OpenWrt Kamikaze release to implement a number of features, as a lot has changed in this release, and I'd rather not implement something I'm going to have to completely rework after a month. So, while the High Priests of OpenWrt continue to tinker, I've been working on implementing an Access Restriction utility for Gargoyle. This entails writing a scheduler for inserting/removing iptables rules at specified times. While the firewall code has changed significantly in the OpenWrt trunk (and therefore in the upcoming release), netfilter/iptables hasn't changed too much. Therefore a scheduler that interacts directly with iptables in Kamikaze 7.09 should work just as well in the new release, which makes it a good project to work on right now.
As part of this new utility I have implemented a new iptables match module for matching the URLs of recently visited web pages. Unlike other similar modules used by DD-WRT & Tomato, this module is compatible with both 2.4 and 2.6 kernels (including those in the OpenWrt trunk) as well as both iptables versions 1.3.x and 1.4.x. Further, this module can use either standard string matching or regular expressions to match URLs.
This will drop all outbound HTTP requests to any URL containing "gargoyle":
    iptables -I OUTPUT -m weburl --contains "gargoyle" -j DROP
This will drop all outbound HTTP requests to both gargoyle-router.com and google.com:
    iptables -I OUTPUT -m weburl --contains_regex "g.*le" -j DROP
The code for this new module can be found in the SVN and I've updated the packages in the repository to the latest SVN revision (r70) so you can access already-built packages. You need both the kernel module package (kmod-ipt-weburl) and the iptables extension package (iptables-mod-weburl) to make this work. Also be sure that the necessary module is loaded (use insmod ipt_weburl to load the kernel module).
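To see how much traffic each of the two rules above would cover, here is a user-space model of the match, added as an example and not taken from the module's source. It assumes the matched URL is the Host header followed by the request path, and uses Python's re in place of the module's own regex engine; every sample request is constructed.

```python
import re

def url_from_request(payload):
    """Return host + path of a plaintext HTTP request, or None (assumed URL form)."""
    try:
        head = payload.split(b"\r\n\r\n", 1)[0].decode("ascii")
    except UnicodeDecodeError:
        return None
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return None  # not an HTTP request line, nothing to match against
    host = ""
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "host":
            host = value.strip()
            break
    return host + parts[1]

def weburl_match(payload, contains=None, contains_regex=None):
    """Model of --contains (substring) and --contains_regex (unanchored search)."""
    url = url_from_request(payload)
    if url is None:
        return False
    if contains is not None:
        return contains in url
    if contains_regex is not None:
        return re.search(contains_regex, url) is not None
    raise ValueError("give contains or contains_regex")

def req(host, path="/"):
    # Build a constructed HTTP/1.1 request for the samples below.
    return f"GET {path} HTTP/1.1\r\nHost: {host}\r\n\r\n".encode()

SAMPLES = {  # constructed traffic, not captured from a real network
    "gargoyle": req("www.gargoyle-router.com", "/download.php"),
    "google": req("www.google.com", "/search?q=openwrt"),
    "gallery": req("example.org", "/gallery/title.html"),
    "other": req("example.org", "/index.html"),
    "opaque": b"\x16\x03\x01\x00\x05hello",  # stands in for non-HTTP payload
}

def verdicts(**rule):
    return {n: "DROP" if weburl_match(p, **rule) else "pass" for n, p in SAMPLES.items()}

if __name__ == "__main__":
    print(verdicts(contains="gargoyle"))
    print(verdicts(contains_regex="g.*le"))
```

In this model the unanchored pattern g.*le also drops the unrelated example.org/gallery/title.html request, so a regex rule is worth checking against ordinary traffic before it goes on the router.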
Have fun with the new iptables module while I continue to work on Beta 3.