I’d love to have a Linux-based strict firewall for outgoing traffic, one that can allow traffic to a specific domain name [behind a CDN] rather than fixed IP addresses.
I have not yet found something that would tick all my check boxes; nevertheless, here are a few links to related projects and discussions:
- https://serverfault.com/questions/1133064/transparent-https-proxy-with-squid-using-sni
- https://github.com/luainkernel/snihook
- https://nginx.org/en/docs/stream/ngx_stream_ssl_preread_module.html
- https://github.com/gibbon4ik/xt_tlslist
- https://github.com/Lochnair/xt_tls
- https://github.com/0x7a657573/zroxy