15.11. Can I filter/restrict/block certain websites with SmallWall?

There are no filtering capabilities built into SmallWall based on web site content, keywords, etc., nor any supported add-ons with such functionality.

Blocking by IP Address/Subnet

You can block specific sites by putting in firewall rules to deny access to the undesired server's IP address. If you take this path, it is recommended you use "reject" rather than "block" in the firewall rules so inaccessible sites time out immediately.

Blocking by DNS Override

If you use your SmallWall as your only DNS server, you can also block specific sites by putting in DNS override for the undesired site to point to an internal or invalid IP address. To block www.example.com, put in a DNS override pointing it to or some other invalid IP address, or an address of a LAN web server. If you use an invalid IP address, you should put in a firewall rule to reject packets to this address so the requests time out immediately.

Note this is easy to get around by either using a different DNS server (blocking port 53 outbound can help here) or editing the hosts file on the local machine, though this is beyond the capabilities and knowledge of most any user.

Using a Proxy Server

The ideal solution would be to use a proxy server on your LAN, and block outgoing traffic from your LAN hosts other than the proxy server.