Re: Restricting browsers to only listed websites
http://dooble.sf.net should allow to create a whitelist of accessible webpages. dunno if it is taken out again, as it is a censorship. 2013/5/9 davidscha...@mobilicity.blackberry.com Is there a way to allow a machine on the network to only access a small list of websites? I have a fedora 17 machine that is hooked to a tv that I only want to access a couple of sites for movies. This is accessible to everyone and is only to be used as stated. I need the network up. A Cisco router is between the machine and the net that I do not want to reset. (Unauthorized to do so). Any help on this would be appreciated. Dave Sent from my BlackBerry® smartphone powered by Mobilicity -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Restricting browsers to only listed websites
Am 11.05.2013 00:11, schrieb Michael Hennebry: On Fri, 10 May 2013, Reindl Harald wrote: nobody said it is a good solution and i personally would not do it but if the OP does not want a appliance between the machine and the not by him controlled router there not much left Could the appliance be something running in a virtual machine? surely, there is no difference between a physical and a virtual machine if you need no special hardware, hence that is why these days even complex production networks are virtualized for any sort of services and you can by security appliances from barracuda networks a read-to-deploy VMware-image with the same functions as the phyiscal ones but it should strictly not run on the same machine maybe it woould be possible to assign a dedicated NIC to the VM which is connected to the internet and declare the IP of the guest as standard gateway of the host-system but even for a lot of money i would not do that outside prove of concept games signature.asc Description: OpenPGP digital signature -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Restricting browsers to only listed websites
On 05/09/2013 10:11 AM, davidscha...@mobilicity.blackberry.com wrote: Is there a way to allow a machine on the network to only access a small list of websites? I have a fedora 17 machine that is hooked to a tv that I only want to access a couple of sites for movies. This is accessible to everyone and is only to be used as stated. I need the network up. A Cisco router is between the machine and the net that I do not want to reset. (Unauthorized to do so). Any help on this would be appreciated. Dave Sent from my BlackBerry® smartphone powered by Mobilicity Maybe this can help... http://www.lartc.org/ Advance Routing etc. Fred -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Restricting browsers to only listed websites
On Thu, May 9, 2013 at 10:11 AM, davidscha...@mobilicity.blackberry.com wrote: Is there a way to allow a machine on the network to only access a small list of websites? https://addons.mozilla.org/en-US/firefox/addon/easy-whitelist/ I suspect this is not what you want, however. :) FC -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Restricting browsers to only listed websites
On Thu, 2013-05-09 at 16:48 +0200, Reindl Harald wrote: dns is not needed for networking on the technical level enter the domains you need and want to allow to access in /etc/hosts Then, later on, when you find that the site isn't accessible anymore, because the service changed where they host their site, change the IPs you list in your hosts file. Worse, find that you have to keep doing this quite often, because the site spreads itself across different IPs. -- [tim@localhost ~]$ uname -r 2.6.27.25-78.2.56.fc9.i686 Don't send private replies to my address, the mailbox is ignored. I read messages from the public lists. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Restricting browsers to only listed websites
On Thu, 9 May 2013 14:11:04 + davidscha...@mobilicity.blackberry.com wrote: Is there a way to allow a machine on the network to only access a small list of websites? in the machine you want limited. Use Opendns as the dns servers. You can set to block all, but sites you specify. Even on their free service. https://www.opendns.com/ Even within a Parish Lan, have used it to curtail a public usable PC. -- Regards, Frank - I check for new mail app. 20min www.frankly3d.com -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Restricting browsers to only listed websites
Am 10.05.2013 18:09, schrieb Frank Murphy: On Thu, 9 May 2013 14:11:04 + davidscha...@mobilicity.blackberry.com wrote: Is there a way to allow a machine on the network to only access a small list of websites? in the machine you want limited. Use Opendns as the dns servers. https://www.opendns.com/ after we moved a server to a new location, prepared the change hours ago by lower the TTL from 1 hour to 5 minutes and find out that openDNS was one of few dns-servers which answered with the old IP *some months* later i would not recommend anybody using it because such things *must not happen - never* Original-Nachricht Betreff: WRONG REPSONSES Datum: Thu, 16 Feb 2012 15:16:42 +0100 Von: Reindl Harald h.rei...@thelounge.net An: cont...@opendns.com good day can you explain me why a server which was migrated Oct 2011 to a new location is still with the old IP in your nameservers? OLD: 193.104.1.241 CURRENT: 91.118.73.17 we are SOA for this zone and had a TTL of 5 Minutes some hours before migration and of 1 hour months before it was done! [harry@rh:~]$ nslookup caladan.thelounge.net 208.67.222.222 Server: 208.67.222.222 Address:208.67.222.222#53 Non-authoritative answer: Name: caladan.thelounge.net Address: 193.104.1.241 signature.asc Description: OpenPGP digital signature -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Restricting browsers to only listed websites
On Fri, 10 May 2013, Reindl Harald wrote: Am 10.05.2013 18:03, schrieb Tim: On Thu, 2013-05-09 at 16:48 +0200, Reindl Harald wrote: dns is not needed for networking on the technical level enter the domains you need and want to allow to access in /etc/hosts Then, later on, when you find that the site isn't accessible anymore, because the service changed where they host their site, change the IPs you list in your hosts file. Worse, find that you have to keep doing this quite often, because the site spreads itself across different IPs I haven't used this and don't know how well it works: https://addons.mozilla.org/en-US/firefox/addon/easy-whitelist/ nobody said it is a good solution and i personally would not do it but if the OP does not want a appliance between the machine and the not by him controlled router there not much left Could the appliance be something running in a virtual machine? -- Michael henne...@web.cs.ndsu.nodak.edu On Monday, I'm gonna have to tell my kindergarten class, whom I teach not to run with scissors, that my fiance ran me through with a broadsword. -- Lily -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Restricting browsers to only listed websites
On Fri, 2013-05-10 at 18:06 +0200, Reindl Harald wrote: but if the OP does not want a appliance between the machine and the not by him controlled router there not much left There are probably browser plugins that could do it (parental controls, perhaps), or the configuring a proxy configuration script, as I mentioned earlier on. For example, of how to actually do that, this website http://www.proxypacfiles.com/proxypac/index.php?option=com_contentview=articleid=54Itemid=83 details the following: -- begin paste -- Blocking sites is also handy. This can be done for a number of reasons – Spyware/malware sites are very good examples Blocking these sites can be done very easily – Simply return a proxy value somewhere on a loopback address so that the requests never actually leave the local machine to take up network bandwidth. The only caveat with this is to ensure that your selection of port number isn’t actually listening on the PC which could odd behavior. if (dnsDomainIs(host, .badspyware.com) || dnsDomainIs(host, .worsespyware2.com)) { return PROXY 127.0.0.1:48890; } -- end paste -- I might add to that and actually run a simple webserver on the same machine that responds to any and all local connection attempts to it. It could respond with an error message saying why it failed, e.g. saying that only the following list of sites are allowed on this machine (and list your allowed sites on the page). -- [tim@localhost ~]$ uname -r 2.6.27.25-78.2.56.fc9.i686 Don't send private replies to my address, the mailbox is ignored. I read messages from the public lists. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Restricting browsers to only listed websites
Is there a way to allow a machine on the network to only access a small list of websites? I have a fedora 17 machine that is hooked to a tv that I only want to access a couple of sites for movies. This is accessible to everyone and is only to be used as stated. I need the network up. A Cisco router is between the machine and the net that I do not want to reset. (Unauthorized to do so). Any help on this would be appreciated. Dave Sent from my BlackBerry® smartphone powered by Mobilicity -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
RE: Restricting browsers to only listed websites
Remove dns in /etc/resolv and add the sites manually in /etc/hosts? You can still access the sites by ip but dns for things like www.google.com won't work. The sites added must be static ips or that won't work in which case a caching DNS and some restrictions can be done but more of a headache. From: users-boun...@lists.fedoraproject.org [users-boun...@lists.fedoraproject.org] On Behalf Of davidscha...@mobilicity.blackberry.com [davidscha...@mobilicity.blackberry.com] Sent: Thursday, May 09, 2013 8:11 AM To: Community support for Fedora users Subject: Restricting browsers to only listed websites Is there a way to allow a machine on the network to only access a small list of websites? I have a fedora 17 machine that is hooked to a tv that I only want to access a couple of sites for movies. This is accessible to everyone and is only to be used as stated. I need the network up. A Cisco router is between the machine and the net that I do not want to reset. (Unauthorized to do so). Any help on this would be appreciated. Dave Sent from my BlackBerry® smartphone powered by Mobilicity -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Restricting browsers to only listed websites
Sorry about top posting. Bbm won't allow bottom posts. Thanks will try it out. Dave --Original Message-- From: Shelby, James To: davidscha...@mobilicity.blackberry.com To: Community support for Fedora users Subject: RE: Restricting browsers to only listed websites Sent: May 9, 2013 10:14 Remove dns in /etc/resolv and add the sites manually in /etc/hosts? You can still access the sites by ip but dns for things like www.google.com won't work. The sites added must be static ips or that won't work in which case a caching DNS and some restrictions can be done but more of a headache. From: users-boun...@lists.fedoraproject.org [users-boun...@lists.fedoraproject.org] On Behalf Of davidscha...@mobilicity.blackberry.com [davidscha...@mobilicity.blackberry.com] Sent: Thursday, May 09, 2013 8:11 AM To: Community support for Fedora users Subject: Restricting browsers to only listed websites Is there a way to allow a machine on the network to only access a small list of websites? I have a fedora 17 machine that is hooked to a tv that I only want to access a couple of sites for movies. This is accessible to everyone and is only to be used as stated. I need the network up. A Cisco router is between the machine and the net that I do not want to reset. (Unauthorized to do so). Any help on this would be appreciated. Dave Sent from my BlackBerry® smartphone powered by Mobilicity -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org Sent from my BlackBerry® smartphone powered by Mobilicity -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Restricting browsers to only listed websites
Apologies for top posting. Thanks for the suggestion and I would do that if it was the gateway machine. My etc/resolve.conf file has to references to rogers namesaver in it. If I rem out those 2 lines I don't think that machine will go anywhere. I may be wrong on that. Dave --Original Message-- From: Terry Polzin To: davidscha...@mobilicity.blackberry.com To: Community support for Fedora users Subject: Re: Restricting browsers to only listed websites Sent: May 9, 2013 10:31 On Thu, 2013-05-09 at 14:11 +, davidscha...@mobilicity.blackberry.com wrote: Is there a way to allow a machine on the network to only access a small list of websites? I have a fedora 17 machine that is hooked to a tv that I only want to access a couple of sites for movies. This is accessible to everyone and is only to be used as stated. I need the network up. A Cisco router is between the machine and the net that I do not want to reset. (Unauthorized to do so). Any help on this would be appreciated. Dave Sent from my BlackBerry® smartphone powered by Mobilicity Use squid as a proxy maybe? Sent from my BlackBerry® smartphone powered by Mobilicity -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Restricting browsers to only listed websites
thanks for the suggestion about bottom posting and I have tried to do that before. The only version of bbm that works on this phone will not allow it. Also thank you for the info. I did not know this. Dave Sent from my BlackBerry® smartphone powered by Mobilicity -Original Message- From: Reindl Harald h.rei...@thelounge.net Date: Thu, 09 May 2013 16:48:11 To: davidscha...@mobilicity.blackberry.com; Community support for Fedora usersusers@lists.fedoraproject.org Subject: Re: Restricting browsers to only listed websites Am 09.05.2013 16:43, schrieb davidscha...@mobilicity.blackberry.com: Apologies for top posting. instead apologies move your cursor down this is possible even on a mobile Thanks for the suggestion and I would do that if it was the gateway machine. My etc/resolve.conf file has to references to rogers namesaver in it. If I rem out those 2 lines I don't think that machine will go anywhere. I may be wrong on that why? dns is not needed for networking on the technical level enter the domains you need and want to allow to access in /etc/hosts -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
RE: Restricting browsers to only listed websites
Basically you are going to have that system act as its own dns lookup. Any entries you need external will need to be in /etc/host to limit access. From: users-boun...@lists.fedoraproject.org [users-boun...@lists.fedoraproject.org] On Behalf Of davidscha...@mobilicity.blackberry.com [davidscha...@mobilicity.blackberry.com] Sent: Thursday, May 09, 2013 8:43 AM To: Community support for Fedora users Subject: Re: Restricting browsers to only listed websites Apologies for top posting. Thanks for the suggestion and I would do that if it was the gateway machine. My etc/resolve.conf file has to references to rogers namesaver in it. If I rem out those 2 lines I don't think that machine will go anywhere. I may be wrong on that. Dave --Original Message-- From: Terry Polzin To: davidscha...@mobilicity.blackberry.com To: Community support for Fedora users Subject: Re: Restricting browsers to only listed websites Sent: May 9, 2013 10:31 On Thu, 2013-05-09 at 14:11 +, davidscha...@mobilicity.blackberry.com wrote: Is there a way to allow a machine on the network to only access a small list of websites? I have a fedora 17 machine that is hooked to a tv that I only want to access a couple of sites for movies. This is accessible to everyone and is only to be used as stated. I need the network up. A Cisco router is between the machine and the net that I do not want to reset. (Unauthorized to do so). Any help on this would be appreciated. Dave Sent from my BlackBerry® smartphone powered by Mobilicity Use squid as a proxy maybe? Sent from my BlackBerry® smartphone powered by Mobilicity -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Restricting browsers to only listed websites
Not everyone can afford contracts or paying 600 dollars for new gizmos. Sent from my BlackBerry® smartphone powered by Mobilicity -Original Message- From: Reindl Harald h.rei...@thelounge.net Date: Thu, 09 May 2013 17:04:11 To: davidscha...@mobilicity.blackberry.com; Community support for Fedora usersusers@lists.fedoraproject.org Subject: Re: Restricting browsers to only listed websites Am 09.05.2013 16:51, schrieb davidscha...@mobilicity.blackberry.com: thanks for the suggestion about bottom posting and I have tried to do that before. The only version of bbm that works on this phone will not allow it i do not believe this that would mean a device in 2013 would only support TOFU and NOT allow you to edit the quoted text? hardly no and if this is would be really the case give it back to the seller because it is broken and can not be repaired -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Restricting browsers to only listed websites
Allegedly, on or about 09 May 2013, davidscha...@mobilicity.blackberry.com sent: Is there a way to allow a machine on the network to only access a small list of websites? I have a fedora 17 machine that is hooked to a tv that I only want to access a couple of sites for movies. This is accessible to everyone and is only to be used as stated. I need the network up. A Cisco router is between the machine and the net that I do not want to reset. (Unauthorized to do so). Possibly, you could write a proxy.pac file for the browser, and configure the browser to use it to set up its proxy. You'd write the proxy.pac file to allow connections through to specific sites that you list, and then have an or/else kind of response for everything else that just isn't going to make a working connection. Something like the following: function FindProxyForURL(url, host) { if (isPlainHostName(host) || dnsDomainIs(host, .example.com) || dnsDomainIs(host, localhost) || dnsDomainIs(host, .localdomain) || dnsDomainIs(host, .google.com.au) || isInNet (host, 127.0.0.0, 255.255.255.0) || isInNet (host, 192.168.0.0, 255.255.0.0)) return DIRECT; else return PROXY false.or.firewall.address.that.allows.no.traffic.example.com:3128; DIRECT; } If I recall correctly, it's a JavaScript scheme, so there's probably a lot more that you can do with it, if you look up how to write PAC files (proxy access control files). In my case, I was using the file to allow direct connections to the first few listed addresses, and everything else would go through the LAN proxy. You'd either use a blocking proxy, or list an address that was simply not going to respond, therefore connections would fail. Test this out carefully, I suppose that some browsers may eventually give up on a failing-to-respond proxy, and might try bypassing it. - Another solution is a DNS server running on the same machine. You could configure it to forward queries for your allowed domain names to name servers that would provide correct answers, or simply have your name server get the answers, itself. Then use a wildcard record that answered everything else incorrectly (so connection attempts would fail). I've done this the other way around (failing specific addresses and allowing everything else to work normally), but it ought to be possible to do it both ways. The PAC file approach may be simpler. It can simply be a local file on the same computer as the browser. -- [tim@localhost ~]$ uname -rsvp Linux 3.8.8-100.fc17.x86_64 #1 SMP Wed Apr 17 17:15:40 UTC 2013 x86_64 All mail to my mailbox is automatically deleted, there is no point trying to privately email me, I will only read messages posted to the public lists. My apologies for not including a virus with this message, but I don't use Windows. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Restricting browsers to only listed websites
Am 09.05.2013 16:43, schrieb davidscha...@mobilicity.blackberry.com: Apologies for top posting. instead apologies move your cursor down this is possible even on a mobile Thanks for the suggestion and I would do that if it was the gateway machine. My etc/resolve.conf file has to references to rogers namesaver in it. If I rem out those 2 lines I don't think that machine will go anywhere. I may be wrong on that why? dns is not needed for networking on the technical level enter the domains you need and want to allow to access in /etc/hosts signature.asc Description: OpenPGP digital signature -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org