iptables, allow only certain urls

From: @ndree
Date: 06/12/02


From: "@ndree" <Andree@nospam-Toonk.nl>
Date: Wed, 12 Jun 2002 12:15:31 +0200

Hello,

I've got a question about iptables.
I've got a network 192.168.0.0/24 and there are certain restrictions for the
users on that network.

This network is connected to the internet through a Linux 2.4 iptables
firewall.

An example of a restriction is that they can only visit some internet sites.

The rules I've made for this are:

$IPTABLES -t nat -A POSTROUTING -o $EX_IF -s 192.168.0.0/24 -j MASQUERADE
$IPTABLES -A FORWARD -s www.somesite.com -p tcp --sport 80 -d 192.168.0.0/24 -j ACCEPT
$IPTABLES -A FORWARD -s www.anothersite.com -p tcp --sport 80 -d 192.168.0.0/24 -j ACCEPT
$IPTABLES -A FORWARD -s $NAMESERVER -p udp --sport 53 -d 192.168.0.0/24 -j ACCEPT
$IPTABLES -A FORWARD -s 0/0 -d 192.168.0.0/24 -j DROP

As you can see, I've made this rule in the forward chain. Is this wise to do?
Or should I make this rule in the input or output chain?

I hope you can advise me with this.
What would be the best way to allow only certain sites?

Thanks in advance, Andree
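
An added example, not part of the original post: routed LAN traffic traverses FORWARD (INPUT and OUTPUT only see packets addressed to or sent by the firewall itself), and a hostname in a rule is resolved once when the rule is loaded, so this sketch filters the outbound direction by pre-resolved IP and lets connection tracking admit the replies. The function name, interface name and all addresses except 192.168.0.0/24 are constructed assumptions; the script only prints the commands.

```shell
#!/bin/sh
# Added example: prints (does not execute) a FORWARD ruleset for the setup
# described in the post. Names and addresses are assumptions, see below.
LAN="192.168.0.0/24"                       # from the post
EX_IF="eth0"                               # assumed external interface
NAMESERVER="192.0.2.53"                    # constructed placeholder
ALLOWED_SITES="192.0.2.10 198.51.100.20"   # constructed, pre-resolved site IPs

emit_forward_rules() {
    ipt="${IPTABLES:-iptables}"
    # NAT for the LAN, unchanged from the post.
    echo "$ipt -t nat -A POSTROUTING -o $EX_IF -s $LAN -j MASQUERADE"
    # Replies to connections the LAN opened; matching on --sport alone
    # would also admit unsolicited packets that merely claim port 80/53.
    echo "$ipt -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # DNS lookups from the LAN to the one permitted resolver.
    echo "$ipt -A FORWARD -s $LAN -d $NAMESERVER -p udp --dport 53 -j ACCEPT"
    echo "$ipt -A FORWARD -s $LAN -d $NAMESERVER -p tcp --dport 53 -j ACCEPT"
    for ip in $ALLOWED_SITES; do
        # Refuse hostnames: they would be resolved once at load time and
        # silently go stale when the site's address changes.
        case "$ip" in
            *[!0-9.]*|"") echo "skipping non-IP entry: $ip" >&2; continue ;;
        esac
        echo "$ipt -A FORWARD -s $LAN -d $ip -p tcp --dport 80 -m state --state NEW -j ACCEPT"
    done
    # Everything else to or from the LAN is dropped.
    echo "$ipt -A FORWARD -s $LAN -j DROP"
    echo "$ipt -A FORWARD -d $LAN -j DROP"
}

# Review the output first; pipe it to sh as root to apply.
emit_forward_rules
```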