* [gentoo-user] [OT] Best way to restrict home web browsing
@ 2010-11-04 20:41 Jake Moe
2010-11-04 20:59 ` Matthew Summers
2010-11-04 21:07 ` Stroller
0 siblings, 2 replies; 4+ messages in thread
From: Jake Moe @ 2010-11-04 20:41 UTC (permalink / raw
To: gentoo-user
A bit off topic, but this group seems to know a lot about this sort of
subject.
I've caught the 11 year old at home browsing sites he really shouldn't
be. I'd like to implement some sort of filter so that he can only
access "approved" sites, but myself and my o/h can browse whatever we
want. What is the best way to implement this? A firewall? Some sort
of web proxy? Something else? I've got a few Gentoo computers, one
that tri-boots between Windows XP (for work), Windows 7 (for games) and
Gentoo (for everything else), and one Windows laptop (my o/h won't give
it up) connecting to one wireless AP/router.
I'm thinking maybe a single firewall would be the way to go, but I
suppose it'd have to something that we could "log" into to let it know
who's who; I've never heard of a firewall that does that. Otherwise,
maybe a software firewall on each PC, but it'd be a bit cumbersome
across all the PCs, unless it had some sort of central management server.
A web search seems to show a Squid proxy may be the way to go, as well.
but I'm not familiar enough with that to know if it'll really do what I
want.
Any help/suggestions would be appreciated. Thanks.
Jake Moe
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [gentoo-user] [OT] Best way to restrict home web browsing
2010-11-04 20:41 [gentoo-user] [OT] Best way to restrict home web browsing Jake Moe
@ 2010-11-04 20:59 ` Matthew Summers
2010-11-07 9:38 ` Kfir Lavi
2010-11-04 21:07 ` Stroller
1 sibling, 1 reply; 4+ messages in thread
From: Matthew Summers @ 2010-11-04 20:59 UTC (permalink / raw
To: gentoo-user
[-- Attachment #1: Type: text/plain, Size: 2155 bytes --]
On Thu, Nov 4, 2010 at 3:41 PM, Jake Moe <jakesaddress@gmail.com> wrote:
> A bit off topic, but this group seems to know a lot about this sort of
> subject.
>
> I've caught the 11 year old at home browsing sites he really shouldn't
> be. I'd like to implement some sort of filter so that he can only
> access "approved" sites, but myself and my o/h can browse whatever we
> want. What is the best way to implement this? A firewall? Some sort
> of web proxy? Something else? I've got a few Gentoo computers, one
> that tri-boots between Windows XP (for work), Windows 7 (for games) and
> Gentoo (for everything else), and one Windows laptop (my o/h won't give
> it up) connecting to one wireless AP/router.
>
> I'm thinking maybe a single firewall would be the way to go, but I
> suppose it'd have to something that we could "log" into to let it know
> who's who; I've never heard of a firewall that does that. Otherwise,
> maybe a software firewall on each PC, but it'd be a bit cumbersome
> across all the PCs, unless it had some sort of central management server.
>
> A web search seems to show a Squid proxy may be the way to go, as well.
> but I'm not familiar enough with that to know if it'll really do what I
> want.
>
> Any help/suggestions would be appreciated. Thanks.
>
> Jake Moe
>
>
>
Hi Jake,
This is something I wish there was more information about free/open
solutions available to assist parents in this exact situation.
So, dansguardian [1] is a good place to start, and here [2] is a nice
article on linux.com that provides an actual solution.
I think it would be really helpful if you could document what you learn as
you traverse this situation, so that other may benefit as well. Perhaps a
gentoo forum topic in addition to this ML might be appropriate.
Also, I have seen around some talk about running a setup like this on a WRT
router running DD-WRT and another system called packetprotector running
openwrt [3]
[1] http://dansguardian.org/
[2] http://www.linux.com/archive/feature/113733
[3] http://packetprotector.org/
Cheers and good luck,
Matt
--
Matthew W. Summers
quantumsummers | trustee, gentoo foundation
[-- Attachment #2: Type: text/html, Size: 3037 bytes --]
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [gentoo-user] [OT] Best way to restrict home web browsing
2010-11-04 20:41 [gentoo-user] [OT] Best way to restrict home web browsing Jake Moe
2010-11-04 20:59 ` Matthew Summers
@ 2010-11-04 21:07 ` Stroller
1 sibling, 0 replies; 4+ messages in thread
From: Stroller @ 2010-11-04 21:07 UTC (permalink / raw
To: gentoo-user
On 4/11/2010, at 8:41pm, Jake Moe wrote:
> ...
> I've caught the 11 year old at home browsing sites he really shouldn't
> be. I'd like to implement some sort of filter so that he can only
> access "approved" sites, but myself and my o/h can browse whatever we
> want. What is the best way to implement this? A firewall? Some sort
> of web proxy? Something else?
This is something that you can do in all sorts of complicated manners. But it's really not realistic for one person to maintain a list of porn sites, and even updating lists that you obtain from elsewhere can be a chore. The best blocklists are sold on a subscription basis, and so on.
The easiest way is probably to use OpenDNS, and sign up for an account with their filters. You can point your router to the OpenDNS servers and then it will serve DNS to all the client machines on the LAN. If you want to bypass it then you change the DNS on your own PC to point to an uncensored one.
A very small minority of capable employees and teenagers are probably capable of bypassing most any restriction. Based on the OpenDNS suggestion, the next level of security is to block at the router all DNS packets from inside the LAN, unless they're going to the router itself (which gets its DNS from OpenDNS on the filtered account).
Stroller.
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [gentoo-user] [OT] Best way to restrict home web browsing
2010-11-04 20:59 ` Matthew Summers
@ 2010-11-07 9:38 ` Kfir Lavi
0 siblings, 0 replies; 4+ messages in thread
From: Kfir Lavi @ 2010-11-07 9:38 UTC (permalink / raw
To: gentoo-user
[-- Attachment #1: Type: text/plain, Size: 3030 bytes --]
On Thu, Nov 4, 2010 at 10:59 PM, Matthew Summers
<quantumsummers@gentoo.org>wrote:
> On Thu, Nov 4, 2010 at 3:41 PM, Jake Moe <jakesaddress@gmail.com> wrote:
>
>> A bit off topic, but this group seems to know a lot about this sort of
>> subject.
>>
>> I've caught the 11 year old at home browsing sites he really shouldn't
>> be. I'd like to implement some sort of filter so that he can only
>> access "approved" sites, but myself and my o/h can browse whatever we
>> want. What is the best way to implement this? A firewall? Some sort
>> of web proxy? Something else? I've got a few Gentoo computers, one
>> that tri-boots between Windows XP (for work), Windows 7 (for games) and
>> Gentoo (for everything else), and one Windows laptop (my o/h won't give
>> it up) connecting to one wireless AP/router.
>>
>> I'm thinking maybe a single firewall would be the way to go, but I
>> suppose it'd have to something that we could "log" into to let it know
>> who's who; I've never heard of a firewall that does that. Otherwise,
>> maybe a software firewall on each PC, but it'd be a bit cumbersome
>> across all the PCs, unless it had some sort of central management server.
>>
>> A web search seems to show a Squid proxy may be the way to go, as well.
>> but I'm not familiar enough with that to know if it'll really do what I
>> want.
>>
>> Any help/suggestions would be appreciated. Thanks.
>>
>> Jake Moe
>>
>>
>>
> Hi Jake,
>
> This is something I wish there was more information about free/open
> solutions available to assist parents in this exact situation.
>
> So, dansguardian [1] is a good place to start, and here [2] is a nice
> article on linux.com that provides an actual solution.
>
> I think it would be really helpful if you could document what you learn as
> you traverse this situation, so that other may benefit as well. Perhaps a
> gentoo forum topic in addition to this ML might be appropriate.
>
> Also, I have seen around some talk about running a setup like this on a WRT
> router running DD-WRT and another system called packetprotector running
> openwrt [3]
>
>
> [1] http://dansguardian.org/
> [2] http://www.linux.com/archive/feature/113733
> [3] http://packetprotector.org/
>
> Cheers and good luck,
> Matt
> --
> Matthew W. Summers
> quantumsummers | trustee, gentoo foundation
>
>
I'm using this tool for general filtering of stuff.
http://www.gentoo-wiki.info/Moblock
It's not exactly what you need, but it worth a check, because it gets list
of sites, so maybe you can add special lists to Moblock that filter sites
that are not for teens.
Take care that I would use a proxy site to surf the web to overcome your
filtering, so this also should be banned.
To check it search google for anonymous proxy or something similar.
After you do implement those solutions, check that your boy don't spent more
time in the neighbor's home surfing the web ;-)
If you can document your steps, as Matt said above, maybe on
http://en.gentoo-wiki.com, it will be very good for all of us.
Regards,
Kfir
[-- Attachment #2: Type: text/html, Size: 4373 bytes --]
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2010-11-07 9:39 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2010-11-04 20:41 [gentoo-user] [OT] Best way to restrict home web browsing Jake Moe
2010-11-04 20:59 ` Matthew Summers
2010-11-07 9:38 ` Kfir Lavi
2010-11-04 21:07 ` Stroller
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox