On Mon, Jan 18, 2010 at 10:32 AM, Stuart Henderson <[email protected]>wrote:
> On 2010-01-17, Jean-Francois <[email protected]> wrote: > > Hi List, > > > > Has anyone experience of a parental control filter with OpenBSD ? > > dansguardian (in ports/packages) is a filtering web proxy, > this might be able to do what you're after. > > I second that. I have on the gateway box (OpenBSD): - Squid with ad-zapper. - I then have dansguardian running as well in front of squid. Initially I used PF to transparent proxy the setup, so all users in the internal network had their traffic pass through dansguardian/squid. But then I got the same level of filtering as the younger users of the internet connection. In the end I setup squid to use basic authentication. I then use dansguardian to recognise the basic authentication and users are placed into two groups. So now certain users (less than 18) get filtered and other users still get the caching/ad-zapping goodness but dansguardian lets them through. PF blocks all http/https traffic requests from the internal network, and only allows proxy connections on port 8080 (where dansguardian is listening in my case). I also have an an internal only listening apache vhost which has a proxy.pac on it. This way all I need to do is add http://gateway.ip/proxy.pac to whatever browser the internal client devices use. It's a lot easier to setup if your OpenBSD gateway is also running squid/dans, well for a small site anyway (< ~10 users). You can even use this to have younger kids have one level of filtering, and older kids on a higher dansguardian "naughtiness level". I've been using it for 8 years now, so I have it fairly stable. Happy to take any off list questions on what/how/why. -- Ted - I could
