Art Wildman wrote: > vivek chal wrote: >> hello all >> >> i have made a server which is acting as a dhcp,dns and internet >> gateway in scientific linux 4.5. Now i want my clients won't access >> some websites such as orkut,facebook etc . Also i don't want to use >> proxy. Please help me . >> Use of iptables to control access to websites isn't feasible, because it's possible to have many websites at a single IP address, and to have one website at many IP addresses. I don't know a solution that does not use a proxy and a content filter. > > The best practice is to setup filtering with a transparent proxy or > bridging firewall, there are other filtering mechanisms which require > updating the filters often or manually. There are also custom LiveCDs, > Wifi Hotspot Apps & Firewall Distro's that have all this built into a > simple appliance distro which may be better suited for your application. > > Setup a transparent proxy with Squid in three easy steps - 200712 NixCraft > http://www.cyberciti.biz/tips/linux-setup-transparent-proxy-squid-howto.html > > > How To Block WebPages Based On Keywords Or Phrases With SafeSquid Proxy > Server > http://www.howtoforge.com/blocking-webpages-based-on-keywords-or-phrases-with-safesquid-proxy > > http://www.howtoforge.com/how-to-enforce-google-safesearch-with-safesquid-proxy-server > > http://www.howtoforge.com/how-to-block-porn-pictures-and-images-with-safesquid-proxy-server > > > How To Set Up Shorewall (Shoreline) 4.0 Firewall On CentOS 5.1 > http://www.howtoforge.com/how-to-set-up-shorewall-firewall-on-centos-5.1 > > A parent's guide to Linux Web filtering - 200407 Linux.com > http://www.linux.com/articles/113733 > > DansGuardian > http://dansguardian.org/ I tried dansguardian some years ago, and found I fairly useless: it prevented me from accessing (for example) security documents. It had a (long) list of "bad" words, and blocked documents that had too many of them. I found short documents tended to have relatively few of them and could discuss almost anything, whereas log documents, on account of their length, tended to have a lot of them and so be blocked. Of course, ymmv and your experience might be better. I use squidguard (find it with google): that filters based on URLs, and there are free lists. A problem I have with it is that I don't know how to stop people searching for combinations of apparently-innocent words like "office," "school," "filter," blocker. I have found it necessary to block search engines, including google, and have a home-build front-end to google. -- Cheers John -- spambait [log in to unmask] [log in to unmask] -- Advice http://webfoot.com/advice/email.top.php http://www.catb.org/~esr/faqs/smart-questions.html http://support.microsoft.com/kb/555375 You cannot reply off-list:-)