[GLLUG] content filtering
Michael George
george at idealso.com
Tue Apr 1 08:34:52 EDT 2008
I'll look at the openwrt site and see what I can find for modules. I
understand that dd-wrt is based on it and can use its modules, but they
will have to be hand-configured.
Do you know of any "recipies" for setting up firewall rules on a server to
run transparent/forced proxy? I'm hoping for a solution that doesn't
require me to dig knee-deep into learning firewall rules...
I'm also quite happy with a multi-layered approach. I can use OpenDNS,
and dansguardian, and the log files. Putting the system in a public place
is probably one of the best moves, but there are some physical
complexities going in that direction...
Hmm, I bet I can get a boot CD that will fire up the system and do the
same things that LTSP does over wireless... I'll have to look into that
option. Then I can put the system in more places in the house without
stringing more ethernet cables...
On Mon, March 31, 2008 11:37 pm, Richard Houser wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Michael George wrote:
> | It's time I get more serious about content filtering at home, now that
> my
> | kids are able to get online.
> |
> | I know there is the dansguardian/squid proxy filter, but I don't want to
> | jump immediately to an approach that requires another computer. I use
> | LTSP for myself and for the kids, so we're all on the same system
> | (therefore I can't just use mine as the proxy server).
> |
> | I've heard of OpenDNS for DNS-level filtering, but I'm not sure if that
> | will have some loopholes that I hadn't though of...
>
> For starters, a loophole is that someone can just bypass DNS. It
> wouldn't be convenient, but is still relatively easy to do if your kids
> are so inclined. They certainly won't fall into that loophole by
> accident, however, so with good parenting, I don't think this would be
> an issue.
>
> | I should have thought ahead more when I got my router. I put in a
> Linksys
> | WRT54GL running dd-wrt just recently. I'm happy with it so far, and it
> | will facilitate a transparent proxy, but it doesn't implement one.
> Since
> | I only use it for basic router and firewall tasks, it would be nice to
> | have a content filtering proxy built into it.
> |
> | Anyone here have opinions/advice? Thanks!
>
> I don't know about your kids, but have you looked into providing either
> a mostly open internet connection (regarding http port 80/443) with
> logging for later review OR a whitelist based approach? I don't know
> about dd-wrt, but if you were running OpenWRT that should certainly be
> doable (especially with the up to 2GB flash storage you can put in the
> GL).
>
> Also, since you are running on the same system, you CAN use your machine
> as the proxy. When on the same machine, you can use firewall rules to
> force certain users to use the proxy and allow others open access.
> While still on the same machine, I think this is the best option.
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.7 (GNU/Linux)
> Comment: Using GnuPG with Mandriva - http://enigmail.mozdev.org
>
> iD8DBQFH8a3mUMkt1ZRwL1MRAjDYAJ9+lHH0t+XK+/lT3SCADkxLvok3AgCglh9l
> ql2l5Ej5l4zqketet3lSJhk=
> =mNuB
> -----END PGP SIGNATURE-----
>
-Michael George
More information about the linux-user
mailing list