arno-iptables-firewall / aif

GNU General Public License v2.0

Implemented Webfilter plugin + extend builtin output policy configuration #93

Open arnova opened 1 year ago

abelbeck commented 1 year ago

Hi @arnova : Just curious how you intend to make this work using WEBFILTER_HOST_OPEN_xxx for a real world case. Limiting access to even an ultra-small subset of the internet would require a lot of rules.

Alternatively, the Pi-hole project or nextdns.io service tackle this via DNS filtering.

arnova commented 1 year ago

Hi @abelbeck ,

The idea is that you can utilize this to limit the internet access for "certain" machines in your network. In my case we have a university machine which we only want to allow to access the Ubuntu update servers and nothing else. And as you probably know, most of the corporate servers use multiple IP addresses, which also change every now and then. Therefore, you can't allow them access with static IP addresses...
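The problem described above (allowing one LAN host to reach only a few hostnames whose addresses change) is essentially a reconcile loop: re-resolve the names, diff against the rules already installed, and add or delete only the difference. The block below is an added illustration, not code from the aif plugin or from either commenter; the config shape, the `WEBFILTER_FWD` chain name and the stand-in resolver are assumptions, and the addresses are constructed from the TEST-NET-3 documentation range.

```python
import ipaddress
from typing import Callable, Dict, Iterable, List, Set, Tuple

# Hypothetical allow rules in the spirit of WEBFILTER_HOST_OPEN_xxx:
# which LAN client may reach which hostnames on which TCP port.
# The real plugin's syntax is not shown on the page; this shape is assumed.
WEBFILTER_HOST_OPEN = {
    "192.168.1.50": [("archive.ubuntu.com", 80), ("security.ubuntu.com", 443)],
}

# Constructed stand-in for DNS so the example runs offline (TEST-NET-3 addresses).
# A real run would call socket.getaddrinfo() and re-run at least once per record TTL.
FAKE_DNS: Dict[str, List[str]] = {
    "archive.ubuntu.com": ["203.0.113.10", "203.0.113.11"],
    "security.ubuntu.com": ["203.0.113.40"],
}

Resolver = Callable[[str], Iterable[str]]
Rule = Tuple[str, str, int]  # (client_ip, server_ip, dport)

def desired_rules(config: Dict[str, list], resolve: Resolver) -> Set[Rule]:
    """Expand every hostname to the addresses it currently resolves to."""
    rules: Set[Rule] = set()
    for client, targets in config.items():
        for host, port in targets:
            for ip in resolve(host):
                ipaddress.ip_address(ip)  # raises on garbage from the resolver
                rules.add((client, ip, port))
    return rules

def reconcile(installed: Set[Rule], desired: Set[Rule]) -> Tuple[Set[Rule], Set[Rule]]:
    """Return (to_add, to_remove) so the installed set ends up equal to desired."""
    return desired - installed, installed - desired

def iptables_commands(to_add: Set[Rule], to_remove: Set[Rule], chain: str = "WEBFILTER_FWD") -> List[str]:
    """Render the delta as iptables commands; the chain is assumed to end in a DROP for the client."""
    cmds: List[str] = []
    for client, server, port in sorted(to_remove):
        cmds.append(f"iptables -D {chain} -s {client} -d {server} -p tcp --dport {port} -j ACCEPT")
    for client, server, port in sorted(to_add):
        cmds.append(f"iptables -A {chain} -s {client} -d {server} -p tcp --dport {port} -j ACCEPT")
    return cmds

if __name__ == "__main__":
    wanted = desired_rules(WEBFILTER_HOST_OPEN, lambda h: FAKE_DNS[h])
    print("\n".join(iptables_commands(wanted, set())))
```

Each resolver answer only reflects the addresses a client would be handed at that moment, so a host that rotates through a larger pool than one answer shows will still be partially blocked; this is the scaling problem raised in the first comment.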

abelbeck commented 1 year ago

@arnova : Got it, thanks. That is quite locked-down.

Note that if the desired server used an nginx reverse proxy to a CDN or such, the required allowed servers could be more complicated.