>> I brought this to the shorewall list for config advice, but I was told: >> >> a) NO PACKET FILTERING FIREWALL (which includes Shorewall) has any >> notion of domains. So filterinG by domain is a non-starter. >> ... >> >> I'd like to restrict the websites one of the computers on my network >> can access in Firefox. It only needs to access 2 different domain >> names and I don't want it to be able to access any others. > > If it's a case of only 2 domains, then the chances are that dumb filtering > will work ok. > > If you allow packets from computer X with a destination port of 80 only to > computers with the IP address 12.154.191.10 then users of computer X will be > able to access mylittlepony.com freely and also any hardcore porn sites also > hosted on the same webserver (12.154.191.10). > > I have to admit this is probably not the way I'd do it, but WHEN YOU WROTE > IN ALL CAPITALS, I FELT COMPELLED TO REPLY TO YOU.
I was quoting the other thread. Guess I should have used [quote][/quote]. - Grant > When I asked about content filtering a couple of months ago, everyone said > Squid was rubbish. > > Actually, they ignored me. From now on, I will write all my questions in > BLOCK CAPITALS in order to maximise my responses. > > But I had expected Squid + module to be the answer, and no-one mentioned it. > A couple of clowns mentioned OpenDNS, and DansGuardian was the only serious > reply I got, so you might want to look at that, too. > http://www.gossamer-threads.com/lists/gentoo/user/175114 > > I really should be implementing this internet filtering this weekend. > > Cheers, > > Stroller.
