From: Grant
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Restricting Firefox website access
Date: Sat, 17 Jan 2009 09:32:14 -0800
Message-ID: <49bf44f10901170932v1351ce0bvaaf851a18a06dbc0@mail.gmail.com>
In-Reply-To: <3BC0E9C7-E397-43C8-96C1-1798ED64EBCB@stellar.eclipse.co.uk>

>> I brought this to the shorewall list for config advice, but I was told:
>>
>> a) NO PACKET FILTERING FIREWALL (which includes Shorewall) has any
>> notion of domains. So filtering by domain is a non-starter.
>> ...
>>
>> I'd like to restrict the websites one of the computers on my network
>> can access in Firefox. It only needs to access 2 different domain
>> names and I don't want it to be able to access any others.
>
> If it's a case of only 2 domains, then the chances are that dumb filtering
> will work ok.
>
> If you allow packets from computer X with a destination port of 80 only to
> computers with the IP address 12.154.191.10 then users of computer X will be
> able to access mylittlepony.com freely and also any hardcore porn sites also
> hosted on the same webserver (12.154.191.10).
>
> I have to admit this is probably not the way I'd do it, but WHEN YOU WROTE
> IN ALL CAPITALS, I FELT COMPELLED TO REPLY TO YOU.

I was quoting the other thread. Guess I should have used [quote][/quote].

- Grant

> When I asked about content filtering a couple of months ago, everyone said
> Squid was rubbish.
>
> Actually, they ignored me. From now on, I will write all my questions in
> BLOCK CAPITALS in order to maximise my responses.
>
> But I had expected Squid + module to be the answer, and no-one mentioned it.
> A couple of clowns mentioned OpenDNS, and DansGuardian was the only serious
> reply I got, so you might want to look at that, too.
> http://www.gossamer-threads.com/lists/gentoo/user/175114
>
> I really should be implementing this internet filtering this weekend.
>
> Cheers,
>
> Stroller.
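
Added example, not part of the original thread: a Python comparison of what an IP/port rule and a Host-aware filtering proxy each decide for requests sent to the shared address 12.154.191.10 mentioned above. The second virtual host (`other-site.example`), the sample requests and all function names are constructed for illustration.

```python
from typing import Optional

ALLOWED_IPS = {"12.154.191.10"}          # all an IP/port rule can express
ALLOWED_DOMAINS = {"mylittlepony.com"}   # what a filtering proxy can express


def packet_filter_allows(dst_ip: str, dst_port: int) -> bool:
    """A packet filter sees only addresses and ports, never the hostname."""
    return dst_port == 80 and dst_ip in ALLOWED_IPS


def host_from_request(raw: bytes) -> Optional[str]:
    """Return the lowercased Host header (port stripped), or None if unusable."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    hosts = [line.split(":", 1)[1].strip()
             for line in head.split("\r\n")[1:]
             if line.lower().startswith("host:")]
    if len(hosts) != 1 or not hosts[0]:   # missing or duplicated Host: refuse
        return None
    return hosts[0].partition(":")[0].lower().rstrip(".")


def proxy_allows(raw: bytes) -> bool:
    """Allow only exact matches or subdomains of an allowed domain."""
    host = host_from_request(raw)
    if host is None:
        return False
    return any(host == d or host.endswith("." + d) for d in ALLOWED_DOMAINS)


def request(host: str) -> bytes:
    return f"GET / HTTP/1.1\r\nHost: {host}\r\n\r\n".encode()


SAMPLES = [  # (destination IP, port, HTTP request), all constructed
    ("12.154.191.10", 80, request("mylittlepony.com")),
    ("12.154.191.10", 80, request("WWW.MyLittlePony.com:80")),
    ("12.154.191.10", 80, request("other-site.example")),   # same server, other vhost
    ("12.154.191.10", 80, b"GET / HTTP/1.0\r\n\r\n"),       # no Host header at all
]


def compare():
    """Return (packet filter verdict, proxy verdict) for each sample."""
    return [(packet_filter_allows(ip, port), proxy_allows(req))
            for ip, port, req in SAMPLES]


if __name__ == "__main__":
    for verdicts in compare():
        print(verdicts)
```

The proxy verdict only means something if the packet filter also blocks the client from reaching port 80 directly, so that all web traffic has to pass through the proxy.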