Apr 12, 2013 5:19 PM (in response to zunguri)
If by the "built-in firewall" you mean either ipfw or pf, depending on the system version, then either one is certainly capable of filtering packets by the IP address of the source or destination, but not by the domain name. To preempt name resolution by host, you can add entries to the hosts file.
Apr 12, 2013 7:18 PM (in response to zunguri)
If using pf, you may be able to use a fully qualified domain name for either the source address or destination address portion of a rule. The FQDN would be resolved via DNS and the IP address substituted in its place when the rule is loaded.
I say may because OS X uses a pre-OpenBSD 4.7 version of pf...I believe the functionality is present in the OS X version but cannot confirm it with certainty.
Apr 12, 2013 7:33 PM (in response to g_wolfman)
You're right. It's in the pf.conf(5) man page.
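What the two posts above describe looks like this in pf.conf on OS X. This is an added example for this thread, not something any poster supplied; the hostnames example.com and example.net are placeholders. The point to keep in mind is the one g_wolfman makes: the names are resolved once, when pfctl loads the ruleset, so the kernel only ever matches on the addresses that resolution produced at that moment.

```conf
# Added example, not from any poster in this thread. example.com and
# example.net are placeholder hostnames.
#
# pf resolves hostnames in rules and tables through DNS once, when the
# ruleset is loaded. A name that resolves to several addresses expands to
# one entry per address; if DNS answers differently later, the loaded rules
# are stale until the ruleset is loaded again.

# Hostname used directly in a rule:
block drop out quick proto tcp from any to example.com port { 80, 443 }

# Several hostnames collected in a table:
table <blocked_hosts> { example.com, example.net }
block drop out quick from any to <blocked_hosts>

# Load the ruleset, enable pf, and inspect what the names resolved to:
#   sudo pfctl -f /etc/pf.conf
#   sudo pfctl -e
#   sudo pfctl -sr                        # loaded rules, addresses in place of names
#   sudo pfctl -t blocked_hosts -T show   # addresses the table expanded to
```

Checking `pfctl -sr` and `pfctl -t ... -T show` after loading is the quick way to confirm that resolution happened and to see exactly which addresses are being blocked; anything the name resolves to after that point is not covered until the next `pfctl -f`.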
Apr 12, 2013 7:57 PM (in response to zunguri)
FQDNs or IPs are not particularly useful as they are so limited. I am already using an on-board DNS to avoid catch any domain reference. Thanks for the suggestions though.
If you know of any good fw's for OS X with more advanced content filtering capabilities, I'd appreciate a pointer.
Apr 13, 2013 7:12 AM (in response to zunguri)
You don't want a packet-filter firewall. Packet filtering firewalls like pf, IPFW and iptables all work at the Network Layer (Layer 4) and below and perform inspections of individual packets. Domain names are not part of a packet, which is why DNS exists - to map domain names to IP addresses.
You need a service that works at the Application Layer (Layer 7), most likely a proxy, given the use-case you've described.
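To make the last post concrete, here is an added example (not code from any poster in this thread) of the kind of application-layer service it recommends: a small HTTP proxy that allows or blocks each request by the domain name the client asks for, which it can do because, unlike a packet filter, it sees the HTTP request line and Host header. The block list and the request bytes used to exercise it are constructed for the example. Note the HTTPS caveat in the code: for a CONNECT request the proxy sees only the target hostname, never the encrypted content, so hostname is all it can filter on there.

```python
"""Added example for this thread, not from any poster: a minimal Layer-7
HTTP proxy that allows or blocks requests by domain name. The block list
below is constructed for the example."""
import socket
import threading
from urllib.parse import urlsplit

# Constructed block list; matching is by domain suffix, so "ads.example.com"
# is covered by "example.com" but "notexample.com" is not.
BLOCKED_DOMAINS = ("example.com", "tracker.example.net")

def is_blocked(host, blocked=BLOCKED_DOMAINS):
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in blocked)

def target_host(request_head):
    """Return (method, host, port) for a proxy request, or None if the
    destination cannot be determined from the request line / Host header."""
    lines = request_head.split(b"\r\n")
    try:
        method, target, _version = lines[0].decode("ascii", "replace").split(" ", 2)
    except ValueError:
        return None
    if method.upper() == "CONNECT":
        # HTTPS through the proxy: this "host:port" target is the only
        # cleartext the proxy ever sees; the TLS bytes that follow are opaque.
        host, _, port = target.rpartition(":")
        return method, host, int(port) if port.isdigit() else 443
    parts = urlsplit(target)          # absolute-form: "GET http://host/path"
    host = parts.hostname
    try:
        port = parts.port
    except ValueError:
        return None
    if not host:                      # origin-form: fall back to the Host header
        for line in lines[1:]:
            name, _, value = line.decode("latin-1").partition(":")
            if name.strip().lower() == "host":
                host, _, p = value.strip().partition(":")
                port = int(p) if p.isdigit() else None
                break
    if not host:
        return None
    return method, host, port or 80

def decide_request(request_head):
    """Return (host, allowed). Fails closed: no identifiable host -> blocked."""
    info = target_host(request_head)
    if info is None:
        return None, False
    _method, host, _port = info
    return host, not is_blocked(host)

def pipe(src, dst):
    # Copy bytes src -> dst until EOF, then half-close dst so the peer sees it.
    try:
        while data := src.recv(65536):
            dst.sendall(data)
    except OSError:
        pass
    try:
        dst.shutdown(socket.SHUT_WR)
    except OSError:
        pass

def serve(client):
    head = b""
    while b"\r\n\r\n" not in head and len(head) < 65536:
        chunk = client.recv(4096)
        if not chunk:
            break
        head += chunk
    host, allowed = decide_request(head)
    if not allowed:
        client.sendall(b"HTTP/1.1 403 Forbidden\r\nContent-Length: 0\r\n"
                       b"Connection: close\r\n\r\n")
        client.close()
        return
    method, host, port = target_host(head)
    upstream = socket.create_connection((host, port))
    if method.upper() == "CONNECT":
        client.sendall(b"HTTP/1.1 200 Connection Established\r\n\r\n")
        upstream.sendall(head.partition(b"\r\n\r\n")[2])  # any bytes sent early
    else:
        upstream.sendall(head)   # headers plus whatever body bytes were read
    for a, b in ((client, upstream), (upstream, client)):
        threading.Thread(target=pipe, args=(a, b), daemon=True).start()

def main(listen=("127.0.0.1", 8080)):
    srv = socket.socket()
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(listen)
    srv.listen()
    while True:
        conn, _ = srv.accept()
        threading.Thread(target=serve, args=(conn,), daemon=True).start()

if __name__ == "__main__":
    main()
```

Run it and point a client at it, e.g. `curl -x http://127.0.0.1:8080 http://www.example.com/`, to get a 403, while an unlisted host is passed through. Two caveats a practitioner should keep in mind: the proxy only sees traffic that is sent to it, so clients must be configured to use it or their HTTP traffic must be redirected to it (a packet filter such as pf can do that part with an rdr rule, which is a reasonable division of labour); and anything that is not HTTP/HTTPS via the proxy never passes through this code at all.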