On 17 Jan 2009, at 05:34, Grant wrote:
...
I brought this to the shorewall list for config advice, but I was
told:
a) NO PACKET FILTERING FIREWALL (which includes Shorewall) has any
notion of domains. So filterinG by domain is a non-starter.
...
I'd like to restrict the websites one of the computers on my network
can access in Firefox. It only needs to access 2 different domain
names and I don't want it to be able to access any others.
If it's a case of only 2 domains, then the chances are that dumb
filtering will work ok.
If you allow packets from computer X with a destination port of 80
only to computers with the IP address 12.154.191.10 then users of
computer X will be able to access mylittlepony.com freely and also any
hardcore porn sites also hosted on the same webserver (12.154.191.10).
I have to admit this is probably not the way I'd do it, but WHEN YOU
WROTE IN ALL CAPITALS, I FELT COMPELLED TO REPLY TO YOU.
When I asked about content filtering a couple of months ago, everyone
said Squid was rubbish.
Actually, they ignored me. From now on, I will write all my questions
in BLOCK CAPITALS in order to maximise my responses.
But I had expected Squid + module to be the answer, and no-one
mentioned it. A couple of clowns mentioned OpenDNS, and DansGuardian
was the only serious reply I got, so you might want to look at that,
too.
http://www.gossamer-threads.com/lists/gentoo/user/175114
I really should be implementing this internet filtering this weekend.
Cheers,
Stroller.