On Thu, 2009-01-22 at 09:38 +0100, roland wrote: > The client wants to prevent users to connect to sex sites. > > Can I use the fedora-box as a firewall, filtering several url's or > filtering several keywords? You can do that sort of thing. A simplistic overview of how is: Use the firewall to block direct the browsers directly connecting to any website (i.e. all outgoing connections to port 80). That'll stop nearly all web browsing, other than sites on other unusual ports. It's not a 100% catchall, but probably 99%. Run a proxy (e.g. Squid) with rules about what can't be connected too. You can configure it with naughty keywords, or find another package that prepares it for you, perhaps even keeping it updated automatically. Since the users aren't able to directly browse the web, they're stuck with using your controlled proxy. Nothing's a 100% certainty, though. Some people will find a way to bypass restrictions, no matter what you try. So they'd need well defined punitive methods so they can do something else to infringers. Some sites will still be accessible, despite your best efforts, this has always been the case, and always will be. Some *okay* sites will get blocked; again, this has always been the case. Make damn sure that their important clients's websites don't get blocked. You probably want to do them another favour, and learn about how to filter crap out of their incoming mail. And, if they're paranoid about treachery, how to look for confidential company files being emailed out, and block them, too. -- [tim@localhost ~]$ uname -r 2.6.27.9-73.fc9.i686 Don't send private replies to my address, the mailbox is ignored. I read messages from the public lists. -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
