From: Steve Bertrand
Date: Sat, 07 Jul 2007 17:08:32 -0400
To: Jeffrey Goldberg
Cc: RW, "freebsd-questions@freebsd.org List"
Subject: Re: parental control with squid and dansguardian
Message-ID: <469000D0.2010207@ibctech.ca>
In-Reply-To: <5F454B70-73EE-442F-BA4A-5833920953CF@goldmark.org>

Jeffrey Goldberg wrote:
> On Jul 6, 2007, at 2:33 PM, RW wrote:
>> If this box is not the gateway, there is no point in doing anything
>> about this because they can simply turn off proxying and go direct to
>> the internet.
>
> However, on your gateway you can specify that only the proxy box is
> allowed to connect to the web. That is, block all outbound traffic to
> ports 80 and 443 unless they come from the machine running squid.

This is of course granted that the gateway has a strict firewall rule
set that allows minimal, known destination ports and by default would
block external, free proxies (and anything else) that run on unusual
ports (e.g. 50001) as someone else suggested.

Steve
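
Added example, not part of the original message or thread: a pf.conf for a FreeBSD gateway that combines both points above, with only the squid box allowed out on ports 80 and 443 and a default-deny rule covering every other destination port. The interface names, the addresses and the DNS rule are assumptions made for illustration.

```pf
# /etc/pf.conf on the gateway (added example; all values below are assumed)
ext_if  = "em0"              # assumed: interface facing the internet
int_if  = "em1"              # assumed: interface facing the LAN
lan_net = "192.168.1.0/24"   # assumed: LAN address range
proxy   = "192.168.1.10"     # assumed: box running squid + dansguardian

set skip on lo0

# Translate LAN traffic that is allowed to leave.
nat on $ext_if inet from $lan_net to any -> ($ext_if)

# Default deny, logged: anything not explicitly passed below is dropped.
# This is what stops a client from reaching an outside proxy on an
# unusual port such as 50001.
block log all

# Only the proxy box may open web connections through the gateway.
pass in on $int_if inet proto tcp from $proxy to any \
    port { 80, 443 } keep state

# Assumed: the proxy resolves names itself, so it also needs DNS.
pass in on $int_if inet proto { tcp, udp } from $proxy to any \
    port 53 keep state

# Traffic already admitted on the LAN side may leave on the outside
# interface (source is the gateway's address after NAT).
pass out on $ext_if inet from ($ext_if) to any keep state

# Weaker variant, for comparison only (left commented out). It blocks
# ports 80 and 443 for everyone but the proxy, yet passes every other
# port, so it does not give the default-deny behaviour described above:
#
#   pass  in on $int_if inet from $lan_net to any keep state
#   block in on $int_if inet proto tcp from ! $proxy to any port { 80, 443 }
```

The file can be syntax-checked without loading it using `pfctl -nf /etc/pf.conf`. Any further destination ports the LAN legitimately needs would each get their own explicit pass rule.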