[GLLUG] content filtering

Richard Houser rick at divinesymphony.net
Mon Mar 31 23:37:11 EDT 2008 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Michael George wrote:
| It's time I get more serious about content filtering at home, now that my
| kids are able to get online.
|
| I know there is the dansguardian/squid proxy filter, but I don't want to
| jump immediately to an approach that requires another computer.  I use
| LTSP for myself and for the kids, so we're all on the same system
| (therefore I can't just use mine as the proxy server).
|
| I've heard of OpenDNS for DNS-level filtering, but I'm not sure if that
| will have some loopholes that I hadn't though of...

For starters, a loophole is that someone can just bypass DNS.  It
wouldn't be convenient, but is still relatively easy to do if your kids
are so inclined.  They certainly won't fall into that loophole by
accident, however, so with good parenting, I don't think this would be
an issue.

| I should have thought ahead more when I got my router.  I put in a Linksys
| WRT54GL running dd-wrt just recently.  I'm happy with it so far, and it
| will facilitate a transparent proxy, but it doesn't implement one.  Since
| I only use it for basic router and firewall tasks, it would be nice to
| have a content filtering proxy built into it.
|
| Anyone here have opinions/advice?  Thanks!

I don't know about your kids, but have you looked into providing either
a mostly open internet connection (regarding http port 80/443) with
logging for later review OR a whitelist based approach?  I don't know
about dd-wrt, but if you were running OpenWRT that should certainly be
doable (especially with the up to 2GB flash storage you can put in the GL).

Also, since you are running on the same system, you CAN use your machine
as the proxy.  When on the same machine, you can use firewall rules to
force certain users to use the proxy and allow others open access.
While still on the same machine, I think this is the best option.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Mandriva - http://enigmail.mozdev.org

iD8DBQFH8a3mUMkt1ZRwL1MRAjDYAJ9+lHH0t+XK+/lT3SCADkxLvok3AgCglh9l
ql2l5Ej5l4zqketet3lSJhk=
=mNuB
-----END PGP SIGNATURE-----

More information about the linux-user mailing list