LISTSERV - SCIENTIFIC-LINUX-USERS Archives

SCIENTIFIC-LINUX-USERS Archives

September 2008

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV

	LISTSERV Archives
	SCIENTIFIC-LINUX-USERS Home
	SCIENTIFIC-LINUX-USERS September 2008

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: iptables firewall needed
From:	John Summerfield <[log in to unmask]>
Reply To:	John Summerfield <[log in to unmask]>
Date:	Wed, 1 Oct 2008 09:09:00 +0800
Content-Type:	text/plain
Parts/Attachments:	text/plain (80 lines)

Art Wildman wrote:
> vivek chal wrote:
>> hello all
>>
>> i have made a server which is acting as a dhcp,dns and internet 
>> gateway in scientific linux 4.5. Now i want my clients won't access 
>> some websites such as orkut,facebook etc . Also i don't want to use 
>> proxy. Please help me .
>>

Use of iptables to control access to websites isn't feasible, because 
it's possible to have many websites at a single IP address, and to have 
one website at many IP addresses.

I don't know a solution that does not use a proxy and a content filter.

> 
> The best practice is to setup filtering with a transparent proxy or 
> bridging firewall, there are other filtering mechanisms which require 
> updating the filters often or manually. There are also custom LiveCDs, 
> Wifi Hotspot Apps & Firewall Distro's that have all this built into a 
> simple appliance distro which may be better suited for your application.
> 
> Setup a transparent proxy with Squid in three easy steps - 200712 NixCraft
> http://www.cyberciti.biz/tips/linux-setup-transparent-proxy-squid-howto.html 
> 
> 
> How To Block WebPages Based On Keywords Or Phrases With SafeSquid Proxy 
> Server
> http://www.howtoforge.com/blocking-webpages-based-on-keywords-or-phrases-with-safesquid-proxy 
> 
> http://www.howtoforge.com/how-to-enforce-google-safesearch-with-safesquid-proxy-server 
> 
> http://www.howtoforge.com/how-to-block-porn-pictures-and-images-with-safesquid-proxy-server 
> 
> 
> How To Set Up Shorewall (Shoreline) 4.0 Firewall On CentOS 5.1
> http://www.howtoforge.com/how-to-set-up-shorewall-firewall-on-centos-5.1
> 
> A parent's guide to Linux Web filtering - 200407 Linux.com
> http://www.linux.com/articles/113733
> 
> DansGuardian
> http://dansguardian.org/

I tried dansguardian some years ago, and found I fairly useless: it 
prevented me from accessing (for example) security documents. It had a 
(long) list of "bad" words, and blocked documents that had too many of them.

I found short documents tended to have relatively few of them and could 
discuss almost anything, whereas log documents, on account of their 
length, tended to have a lot of them and so be blocked.

Of course, ymmv and your experience might be better.

I use squidguard (find it with google): that filters based on URLs, and 
there are free lists.

A problem I have with it is that I don't know how to stop people 
searching for combinations of apparently-innocent words like "office," 
"school," "filter," blocker.

I have found it necessary to block search engines, including google, and 
have a home-build front-end to google.

-- 

Cheers
John

-- spambait
[log in to unmask]  [log in to unmask]
-- Advice
http://webfoot.com/advice/email.top.php
http://www.catb.org/~esr/faqs/smart-questions.html
http://support.microsoft.com/kb/555375

You cannot reply off-list:-)

ATOM RSS1 RSS2

LISTSERV.FNAL.GOV