Re: firewall url filter

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, 2009-01-22 at 09:38 +0100, roland wrote:
> The client wants to prevent users to connect to sex sites.
>
> Can I use the fedora-box as a firewall, filtering several url's or  
> filtering several keywords?

You can do that sort of thing.  A simplistic overview of how is:

Use the firewall to block direct the browsers directly connecting to any
website (i.e. all outgoing connections to port 80).  That'll stop nearly
all web browsing, other than sites on other unusual ports.  It's not a
100% catchall, but probably 99%.

Run a proxy (e.g. Squid) with rules about what can't be connected too.
You can configure it with naughty keywords, or find another package that
prepares it for you, perhaps even keeping it updated automatically.  
Since the users aren't able to directly browse the web, they're stuck
with using your controlled proxy.

Nothing's a 100% certainty, though.  Some people will find a way to
bypass restrictions, no matter what you try.  So they'd need well
defined punitive methods so they can do something else to infringers.
Some sites will still be accessible, despite your best efforts, this has
always been the case, and always will be.  Some *okay* sites will get
blocked; again, this has always been the case.  Make damn sure that
their important clients's websites don't get blocked.

You probably want to do them another favour, and learn about how to
filter crap out of their incoming mail.  And, if they're paranoid about
treachery, how to look for confidential company files being emailed out,
and block them, too.


-- 
[tim@localhost ~]$ uname -r
2.6.27.9-73.fc9.i686

Don't send private replies to my address, the mailbox is ignored.  I
read messages from the public lists.



-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux