I'm trying to block all http/s traffic and whitelist a very small handful of websites. iptables works well to whitelist simple websites. It falls apart on the asynchronous client-to-other connections. Google does this a lot. Most of Google's apps will eventually ask the client to make an async connection to Google's *.1e100.net, which looks like a cloud service with hundreds or thousands of host records. And iptables doesn't fit this model at all.
Not a huge fan of solutions like OpenDNS. Any other good solutions for getting Gmail to work? I'd prefer to stick with iptables, realizing it's probably not to be.
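To make the failure mode in the question concrete, here is an added example (not code from the asker or from any answer on this page) that builds the kind of per-IP whitelist described and then checks what it does with a connection to a host that was not resolved when the rules were written. The hostname-to-IP table is constructed for the example using RFC 5737 documentation addresses, no DNS lookups are made, and the script never calls iptables; it only emits iptables-restore text so it can be reviewed before loading.

```shell
#!/bin/sh
# Added example: a host-pinned iptables whitelist for outbound HTTP/S and a
# small check of its verdicts. Runs offline; touches no firewall.

# Constructed "resolver" output (hostname, address it answered with). The
# RFC 5737 addresses are placeholders. The two 1e100.net lines stand in for
# the hundreds of hosts a Google app may fan out to.
RESOLVED='example.org 192.0.2.10
mail.google.com 198.51.100.5
lga34s31-in-f5.1e100.net 198.51.100.37
lga25s63-in-f14.1e100.net 198.51.100.110'

# Emit an iptables-restore fragment: one ACCEPT per resolved address on
# TCP 80/443, then a catch-all REJECT for those ports.
whitelist_rules() {
    echo '*filter'
    echo ':OUTPUT ACCEPT [0:0]'
    # Loopback and already-established flows keep working.
    echo '-A OUTPUT -o lo -j ACCEPT'
    echo '-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    # This is the part that balloons for *.1e100.net: one rule per address,
    # valid only for as long as the DNS answer stays the same.
    printf '%s\n' "$RESOLVED" | while read -r host ip; do
        echo "-A OUTPUT -p tcp -d $ip -m multiport --dports 80,443 -m comment --comment \"$host\" -j ACCEPT"
    done
    echo '-A OUTPUT -p tcp -m multiport --dports 80,443 -j REJECT --reject-with tcp-reset'
    echo 'COMMIT'
}

# Simulate the ruleset's verdict for a NEW TCP connection to $1 on 80/443:
# accepted only if $1 was in the resolved table when the rules were built.
allowed() {
    printf '%s\n' "$RESOLVED" | awk -v want="$1" '$2 == want { found = 1 } END { exit !found }'
}

# Usage: print the ruleset (load with: iptables-restore < file), then show
# that a 1e100.net host first seen after the build is refused.
whitelist_rules
for ip in 192.0.2.10 203.0.113.77; do
    if allowed "$ip"; then
        echo "$ip: ACCEPT"
    else
        echo "$ip: REJECT (address not resolved when rules were built)"
    fi
done
```

The second address in the loop plays the role of Gmail's asynchronous connection to a 1e100.net host the whitelist has never heard of: the rule set has no entry for it, so the catch-all REJECT wins, which is exactly the breakage the question describes.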