From: Stroller
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Restricting Firefox website access
Date: Sat, 17 Jan 2009 15:43:43 +0000
Message-Id: <3BC0E9C7-E397-43C8-96C1-1798ED64EBCB@stellar.eclipse.co.uk>
In-Reply-To: <49bf44f10901162134o79953e71y393c6a340c398dbe@mail.gmail.com>

On 17 Jan 2009, at 05:34, Grant wrote:
> ...
> I brought this to the shorewall list for config advice, but I was
> told:
>
> a) NO PACKET FILTERING FIREWALL (which includes Shorewall) has any
> notion of domains. So filtering by domain is a non-starter.
> ...
>
> I'd like to restrict the websites one of the computers on my network
> can access in Firefox. It only needs to access 2 different domain
> names and I don't want it to be able to access any others.

If it's a case of only 2 domains, then the chances are that dumb filtering will work ok.

If you allow packets from computer X with a destination port of 80 only to computers with the IP address 12.154.191.10 then users of computer X will be able to access mylittlepony.com freely and also any hardcore porn sites also hosted on the same webserver (12.154.191.10).

I have to admit this is probably not the way I'd do it, but WHEN YOU WROTE IN ALL CAPITALS, I FELT COMPELLED TO REPLY TO YOU.

When I asked about content filtering a couple of months ago, everyone said Squid was rubbish. Actually, they ignored me. From now on, I will write all my questions in BLOCK CAPITALS in order to maximise my responses. But I had expected Squid + module to be the answer, and no-one mentioned it. A couple of clowns mentioned OpenDNS, and DansGuardian was the only serious reply I got, so you might want to look at that, too.

http://www.gossamer-threads.com/lists/gentoo/user/175114

I really should be implementing this internet filtering this weekend.

Cheers,

Stroller.
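
The gap described in the message above, as an added example that is not part of the original email: a model of what an IP/port rule can test next to what an HTTP proxy ACL can test, for plain HTTP on port 80. The client address, the second hostname, the 203.0.113.7 address and all function names are constructed for illustration; the IP and domain are the ones quoted in the message.

```python
import ipaddress

# Constructed policy: one restricted client, one permitted server IP and domain.
CLIENT = ipaddress.ip_address("192.168.1.50")            # hypothetical LAN host
ALLOWED_IPS = {ipaddress.ip_address("12.154.191.10")}    # IP quoted in the message
ALLOWED_DOMAINS = {"mylittlepony.com"}                   # domain quoted in the message

def packet_filter_allows(src, dst_ip, dport):
    """What an L3/L4 rule can test: addresses and ports, never names."""
    if ipaddress.ip_address(src) != CLIENT:
        return True  # the policy only restricts the one client
    return dport == 80 and ipaddress.ip_address(dst_ip) in ALLOWED_IPS

def host_from_request(raw):
    """Extract and normalise the Host header from a raw HTTP/1.x request."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    for line in head.split("\r\n")[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "host":
            host = value.strip().lower()
            if not host.startswith("["):        # leave IPv6 literals alone
                host = host.split(":", 1)[0]    # drop an explicit port
            return host.rstrip(".")
    return None

def proxy_allows(raw):
    """What an HTTP proxy ACL can test: the requested name itself."""
    host = host_from_request(raw)
    if host is None:
        return False  # fail closed when no Host header is present
    return any(host == d or host.endswith("." + d) for d in ALLOWED_DOMAINS)

def request(host):
    return f"GET / HTTP/1.1\r\nHost: {host}\r\n\r\n".encode("latin-1")

# Constructed traffic: (Host header, destination IP the name resolved to).
SAMPLES = [
    ("www.mylittlepony.com", "12.154.191.10"),  # intended site
    ("unrelated.example", "12.154.191.10"),     # other vhost on the same server
    ("mylittlepony.com:80", "203.0.113.7"),     # intended site after an IP change
]

def evaluate():
    """Return (host, allowed by IP rule, allowed by Host ACL) per sample."""
    return [(h, packet_filter_allows("192.168.1.50", ip, 80), proxy_allows(request(h)))
            for h, ip in SAMPLES]

if __name__ == "__main__":
    for host, by_ip, by_name in evaluate():
        print(f"{host:24} ip-rule={by_ip!s:5} host-acl={by_name}")
```

The second sample is the shared-hosting case from the message; the third shows the opposite failure, where the IP rule blocks the permitted site once its address changes.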