From owner-freebsd-questions@FreeBSD.ORG  Sat Jul  7 20:51:35 2007
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
X-Original-To: freebsd-questions@freebsd.org
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id AAA0116A468
	for <freebsd-questions@freebsd.org>;
	Sat,  7 Jul 2007 20:51:35 +0000 (UTC)
	(envelope-from jeffrey@goldmark.org)
Received: from out2.smtp.messagingengine.com (out2.smtp.messagingengine.com
	[66.111.4.26]) by mx1.freebsd.org (Postfix) with ESMTP id 8357513C44C
	for <freebsd-questions@freebsd.org>;
	Sat,  7 Jul 2007 20:51:35 +0000 (UTC)
	(envelope-from jeffrey@goldmark.org)
Received: from compute1.internal (compute1.internal [10.202.2.41])
	by out1.messagingengine.com (Postfix) with ESMTP id 0B50175C5;
	Sat,  7 Jul 2007 16:51:35 -0400 (EDT)
Received: from heartbeat2.messagingengine.com ([10.202.2.161])
	by compute1.internal (MEProxy); Sat, 07 Jul 2007 16:51:35 -0400
X-Sasl-enc: OLU+hOFHHK22gUYnLPxYn08GT82883RL1d1LODiWoPNS 1183841494
Received: from [10.1.10.136] (n114.ewd.goldmark.org [72.64.118.114])
	by mail.messagingengine.com (Postfix) with ESMTP id A69484348;
	Sat,  7 Jul 2007 16:51:34 -0400 (EDT)
In-Reply-To: <20070706203359.411e7416@gumby.homeunix.com.>
References: <28511e606938ca3af6624a90fa5798e9@szalbot.homedns.org>
	<20070706203359.411e7416@gumby.homeunix.com.>
Mime-Version: 1.0 (Apple Message framework v752.2)
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
Message-Id: <5F454B70-73EE-442F-BA4A-5833920953CF@goldmark.org>
Content-Transfer-Encoding: 7bit
From: Jeffrey Goldberg <jeffrey@goldmark.org>
Date: Sat, 7 Jul 2007 15:51:33 -0500
To: RW <fbsd06@mlists.homeunix.com>
X-Mailer: Apple Mail (2.752.2)
Cc: "freebsd-questions@freebsd.org List" <freebsd-questions@freebsd.org>
Subject: Re: parental control with squid and dansguardian
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 07 Jul 2007 20:51:35 -0000

On Jul 6, 2007, at 2:33 PM, RW wrote:
> If this box is not the gateway, there is no point in doing anything
> about this because they can simply turn-off proxying and go direct to
> the internet.

However, on your gateway you can specify that only the proxy box is  
allowed to connect to the web.  That is block all outbound traffic  
to  ports 80 and 443 unless they come from the machine running squid.

-j



-- 
Jeffrey Goldberg                        http://www.goldmark.org/jeff/