Filtering Based on TLD?

nelomolen asks: "The school year is upon us, and I'm sure there's more than one school network administrator out there who is facing the same problem I am... web filtering (loud hissing ensues). Most administrators are stuck without a solution, with administration breathing down the back of their neck for a workable one. Put aside for a second that almost everyone hates the idea, we need something to tide us over until these laws are overturned (optimism). Does anyone know of any filtering solutions (client or server-side) that will strictly allow access based on TLD *then* domain name? For the sake of weathering out these laws, the easiest solution is to give unlimited access to .gov, .int, .us, .edu, .mil, etc, and explicit access to the handful of useful .com, .net, and .org domains that are out there. Has this option been explored by anyone? It seems to be a reasonable temporary fix. Is there currently any open-source software that can do this?"

Filtering is bad

[epsalon]

It is bad because you can either filter too many or too little. Usually both.
For example, Google's cache or altavista's babelfish, and many other loopholes alike (there was a link about this in a previous post). If you allow access to these resources - You've allowed access to all. If not, you've shut down a useful service.
Moreover, I can create my own site that can serve as an open proxy and locate it in the .edu domain (I'm a student), and all your security falls. Heck - one of the students could ask a friend in college to build such a site for him.
Either you enable Internet access to all sites, or disable it altogether, except for some previously downloaded pages. Otherwise - there is now way to do so.
What you may consider however, is a strict accounting system and monitoring (which may be automated) of access to illegal material. That way, you can surf to pr0n sites, but you'll be called to the principal's office once you do.