Hi Misc, This might be slightly OT as it is not only OpenBSD specific.
I am working on improving my OpenBSD home router. I am seeking advises/opinions with respect to Web filtering. About a year ago I started using Privoxy as the number of ads, banners, pop-ups, and similar junk became to much for me and Firefox (I am avoid add-ons). It worked reasonably well and made me wonder if I can do little bit more. Namely I realized that besides my trusted OpenBSD desktop we have bunch of Kindles and Android tablets in our household (mostly used by kids) so I should not be fooling myself that we are safe of viruses just because network access is controlled by PF. Obviously I have some familiarity with ClamAV so I started entertaining the idea of scanning HTTP traffic for viruses either with Squid+Clamav or with with HAPV http://www.server-side.de/ I also read wonderful article http://www.kernel-panic.it/openbsd/proxy/ Of course there is a severe limitation as HTTPS traffic can't be scanned. I know that there are some man-in-the-middle solutions that do allow one to inspect SSL traffic as well but I am not familiar with them. I was wondering if a kind soul could give me some suggested readings. Another interesting thing which is discussed in the Kernel Panic article is DansGuardian which apparently have some ability to filter adds but also gives me the ability to block some websites (now I am talking as a father of two young girls). I know played little bit with DansGuardian and Privoxy as well as DansGuardian and Squid and I can block sites but it appears that it default blocking policy is pritty bad as it is blocking even openbsd.org website. Could anybody who is running DansGuardian in the production give me some adivise on which proxy server should I use and what would be reasonable starting configuration? Finally I realized that xombrero guys in their OpenBSD days created ad-filtering proxy AdSuck. Kernel Panic is discussing also AdZapper. Any oppinions on those two? I am just trying to make a sense of all that info. My final goal is to: 1. strip as much as possible unwanted ads, banners, pop-ups, and similar junk 2. Scan http and possibly https for viruses (thereby protecting kids devices as much as I can). 3. Block some websites (Facebook come first to mind). Thank you for your advise. Predrag
