I know that one can block via specific port, for example, you want to prevent a user going to etrade (just popped into my head for some reason) and this is how you'd do it:
rule tcp, dest=(80), msg="etrade Website",content="etrade.com"
But what if the thing you want to block starts out HTTP then moves to https, say sort of like paypal and other secure sites do. Does that require a new rule with that 443 port, or can one put them both in the same rule? Like this:
rule tcp, dest=(80,443), msg="etrade Website",content="etrade.com"
And if the above is correct, is there a space between the ports along with the , or is it just the , then the next number like 80,443
Or is it 80, 443 ?
Can a person block that using any/all ports using a wildcard?? Such as:
rule tcp, dest=(*), msg="etrade Website",content="etrade.com"
Will that work???
Please, although I appreciate the help, no guesses - I'd prefer if you gave a real-life experience and example. I learn by seeing, and by example. If you say "I think it might" then that isn't really the next step. No offense, but as you know already, IT folks have little room to experiment, the bosses want results. ;-) and thanks.