You could try Dans Gaurdian. It works with squid and will allow you to controls the sites they go to.
http://dansguardian.org/ You can also limit what files they download by extension if you wish. To block access after 6:00 pm you use a cron job to shut down squid/dansguardian. As Fredrico said, iptables can be use to block the ports that these messengers use, but they can still use port 80. I don't know how to block by application so I just blocked the domains that these servers are on. For example I have blocked hotmail and msn messenger, but not msn.com (If anyone reading this knows how to block port 80 for msn messenger and not your browser, I would love to know how). HTH Wil McGilvery Manager, Digital Media 416-744-7191 416-716-3964 (cell) 1-888-622-3729 416-744-0406 FAX www.LynchDigital.com -----Original Message----- From: Federico Voges [mailto:[EMAIL PROTECTED]] Sent: Thursday, February 13, 2003 1:41 PM To: [EMAIL PROTECTED] Subject: Re: Internet Content Filtering Suggestions WARNING: Unsanitized content follows. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thu, 13 Feb 2003 11:03:43 -0600, Ben Duncan wrote: >Have a client that has about 25 WinSLug Computers. We need to >implement some sort >content / virus filtering, as the employees are starting to abuse the >internet connection. > >We need to allow them to access certain web sites, restrict others, >BLOCK ICQ/AIM, and >do a "time" (Absolutely NO access to the internet after 6PM). > >Now SonicWall seems to be the leading contender here for an appliance >solution, BUT, they >want a "subscription" on all of there devices. > >Any Suggestion here? NutZwerk Appliance? Cheap PC with linux and some >sort of easy to use >admin software? > Te most flexible solution is the last: PC + Linux. You can use Squid + some extra soft to limit web usage and netfilter/iptables to block IMs. In fact, if you just need ftp/web access you can turn of forwarding at the gateway and force everyone to go out through Squid (and maybe, a socks server). One caveat: you'll need at least some scripting skills to go this way. Another option is to use one of the comercial "out of the box" solutions. One that looks ok is Astaro Security Linux (www.astaro.com). It's comercial but you can download the full product iso image to testing (if you like it, all you need to do is enter de reg key in the control panel). I haven't used it, but appears to be one of the mos t complete and flexible arround. You can also go the LRP style and use one of the many LRP clones/derivatives. A good start point is http://leaf.sf.net Just my $0.02 :) Federico Voges Socio gerente Intrasoft Malabia 2137 14 A (1425) Buenos Aires Argentina Te/Fax: 54-11-4833-5182 e-mail: [EMAIL PROTECTED] Web: http://www.intrasoft.com.ar -----BEGIN PGP SIGNATURE----- Version: PGP SDK 3.0 iQA/AwUBPkvm1RRcJRaVKt4XEQKyMQCdHlfBUmyXTCo3G8RUMR2MAqZuAGsAn1PN 0PbSmODgk0PS7GpFcBayUQYA =3pre -----END PGP SIGNATURE----- _______________________________________________ Linux-users mailing list [EMAIL PROTECTED] Unsubscribe/Suspend/Etc -> http://www.linux-sxs.org/mailman/listinfo/linux-users _______________________________________________ Linux-users mailing list [EMAIL PROTECTED] Unsubscribe/Suspend/Etc -> http://www.linux-sxs.org/mailman/listinfo/linux-users
