From owner-freebsd-questions Mon Jul 23 16:29:44 2001 Delivered-To: freebsd-questions@freebsd.org Received: from cactus.fi.uba.ar (cactus.fi.uba.ar [157.92.49.108]) by hub.freebsd.org (Postfix) with ESMTP id 54FE237B405 for ; Mon, 23 Jul 2001 16:29:34 -0700 (PDT) (envelope-from fgleiser@cactus.fi.uba.ar) Received: from cactus.fi.uba.ar (cactus.fi.uba.ar [157.92.49.108]) by cactus.fi.uba.ar (8.11.3/8.9.3) with ESMTP id f6NNRwV59906; Mon, 23 Jul 2001 20:27:59 -0300 (ART) (envelope-from fgleiser@cactus.fi.uba.ar) Date: Mon, 23 Jul 2001 20:27:58 -0300 (ART) From: Fernando Gleiser To: Chip Cc: Subject: Re: freebsd box as a porn filter? In-Reply-To: <3B5CB113.2FA47614@wiegand.org> Message-ID: <20010723202321.V57783-100000@cactus.fi.uba.ar> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Mon, 23 Jul 2001, Chip wrote: > Fernando Gleiser wrote: > > > Install squid, it is an HTTP proxy/cache with filtering capabilities. > > It is in the ports (/usr/ports/www/squid2[234]). > > > > Would this work in addition to an existing natd/firewall/router box? > Or in place of it/part of it? They are complementary. What you do is block all access to port 80, 443, etc on the router/firewall if it is not comming from the proxy. pass in on proto tcp from to any port = 80 flags S keep state block return-rst in on proto tcp all add the apropiate rules for https, etc. Fer > -- > Chip > > > > > The ACL configuration is covered on section 10 of the squid FAQ > > (http://www.squid-cache.org/Doc/FAQ/FAQ.html). > > > > Fer > > > > On Mon, 23 Jul 2001, Clayton Tycksen wrote: > > > > > Dear FreeBSD, > > > > > > I'm relatively new to Unix. A good friend of mine has converted me to > > > FreeBSD, and I'm enjoying it. > > > I do have a question- as the administrator of a small network, I'm > > > wondering if it's possible to set up FreeBSD on a box and have it > > > perform filtering of pornography. I realise that I can set up a FreeBSD > > > box to perform packet filtering (although I still need to figure out how > > > to do that, exactly). But I'd like to prohibit nodes on our network > > > from viewing pornographic material, and a few other general websites. I > > > do not have an external 'router' per se - We have an ISDN connection to > > > our ISP (which does not provide filtering). > > > > > > I've looked at available hardware designed specifically for spam and > > > porn filtering for networks, but the price of the hardware is too high > > > for my small network of 15 nodes and 2 servers. > > > > > > Any suggestions? > > > > > > -- > > > Clayton Tycksen > > > Network Administrator > > > Zoll & Tycksen, LC > > > > > > tel (801) 685-7800 ext 15 > > > fax (801) 685-7808 > > > cell (801) 913-2208 > > > > > > text msg: help@ztlaw.com > > > > > > ******************************************************************* > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > > with "unsubscribe freebsd-questions" in the body of the message > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-questions" in the body of the message > > -- > Regards, > > -- > Chip Wiegand > CRW Computer Services > www.wiegand.org > chip@wiegand.org > <------------------> > Web page design > Consulting > PC Repair > <------------------> > > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message