Date: Thu, 16 Jun 2016 10:03:30 +0200
From: Miroslav Lachman <000.fbsd@quip.cz>
To: atar , Gary Palmer
CC: "freebsd-pf@freebsd.org"
Subject: Re: Filter connections based on the hostname.

atar wrote on 06/16/2016 09:15:

[...]

>> www.google.com DNS TTLs are 5 minutes so you shouldn't have to worry
>> about the IP changing in less than a minute UNLESS your PF firewall
>> and your browser use different DNS servers and could therefore get
>> different answers
>>
>> Regards,
>>
>> Gary
>
> Can you give me any hint how to cause PF to redirect all the traffic through the squid proxy? I'm pretty new in them both (PF and squid).

You can find basic config here
http://wiki.squid-cache.org/ConfigExamples/Intercept/FreeBsdPf

Squid can be installed from ports / packages
http://www.freshports.org/www/squid/

Miroslav Lachman