  1. #1
    Just Joined!
    Join Date
    Sep 2003
    Location
    New Jersey, USA
    Posts
    94

    Firestarter vs. Smoothwall? Squid? PFsense?


    I'm attempting to configure a Linux (or BSD) box to filter web access. What I need to do is block all web traffic and whitelist certain domains and IP addresses that are allowed to be accessed. I've been searching around the internet trying to discover my options and pinpoint a starting location. I've come across many, many different utilities and programs that seem to be able to help me accomplish my goal. My problem is that I'm a little inundated; I don't know where to start. Ideally, I suppose learning iptables (or the BSD equivalent) would be the best idea, but I can't see spending all that time when I won't be using this on a daily basis.

    Long story short, can someone help point me in the right direction? Based on what I'm trying to do, can anyone recommend a program or utility? I'm perfectly willing to learn something new but I refuse to struggle with poor documentation.

  2. #2
    Linux Engineer Segfault
    Join Date
    Jun 2008
    Location
    Acadiana
    Posts
    878
    Squid+Dansguardian

    Of course, it depends on how big your whitelist is. Playing with local DNS is probably the simplest but not the strongest measure.

  3. #3
    Just Joined!
    Join Date
    Sep 2003
    Location
    New Jersey, USA
    Posts
    94
    Quote, originally posted by Segfault:
    Of course, it depends on how big your whitelist is.
    The whitelist will be about 4 dozen domains and IP addresses. To what extent does the size of the list matter? Is there a limit to the size of the list?

  5. #4
    Linux Engineer Segfault
    Join Date
    Jun 2008
    Location
    Acadiana
    Posts
    878
    Simplest is not to use DNS and to resolve whitelisted domains using the local /etc/hosts file on the workstations. This file exists even in Windows, I think.
    Second simplest is to configure the DNS on your LAN to resolve only whitelisted domains.
    These measures do not help to deny access if the user is smart enough to use IP addresses, though.
    Using a restrictive proxy and not doing NAT is a secure and more elegant solution.
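
A minimal Squid allowlist of the kind suggested in this thread, added here as an example and not posted by any participant. The LAN range, the file paths and the ACL names are assumptions.

```conf
# squid.conf fragment (constructed example; adjust names and paths)
http_port 3128

# Assumed LAN range of the workstations
acl localnet src 192.168.1.0/24

# One domain per line; a leading dot (".example.org") also matches subdomains
acl allowed_domains dstdomain "/etc/squid/allowed_domains.txt"
# One IP address or CIDR block per line, for sites reached by address
acl allowed_ips dst "/etc/squid/allowed_ips.txt"

acl SSL_ports port 443
acl CONNECT method CONNECT

# HTTPS tunnels only to port 443
http_access deny CONNECT !SSL_ports

# LAN clients may reach listed names and listed addresses only
http_access allow localnet allowed_domains
http_access allow localnet allowed_ips

# Everything else is refused, including requests made by an unlisted IP address
http_access deny all
```

With no NAT or forwarding on the gateway, the proxy on port 3128 is the only path to the web, so the final `http_access deny all` applies to every request. A few dozen entries split across the two list files is well within what these ACL types handle.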
