[olug] Network filtering with ipchains

Vincent vraffensberger at home.com
Fri Jun 15 22:52:11 UTC 2001


My suggestion is to run squid as a http proxy (very easy).  Then make a rule
to forward all http from the internal interface to the proxy server.
Once that is done, have the squid logs mailed to you.  There are many log
reporting tools for squid...
Just let them know that YOU know where they have been on the internet.
Seems like a logical deterrent, but I'm not a parent and who knows with
kids!?

This rule would work:

iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to 192.168.1.1:8080
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 443 -j DNAT --to 192.168.1.1:443


----- Original Message -----
From: "Phil Brutsche" <pbrutsch at creighton.edu>
To: <olug at bstc.net>
Sent: Friday, June 15, 2001 5:23 PM
Subject: Re: [olug] Network filtering with ipchains


> Quoting Jon <thechunk at thechunk.dhs.org>:
>
> > I am curious again about ipchains / iptables.  I know you guys have to
> > be getting tired of my questions.
>
> Nah, never!
>
> > Anyway I have a computer for my kids and would like to block all outgoing
> > traffic from their computer to the internet but still have them on my
> > internal network.
>
> iptables -A FORWARD -s <IP of the computer to block> -j REJECT
>
> > OK that is the first step.  The second part is I would like to open
> > connections for them to parent "approved" sites that we deem worthwhile /
> > acceptable for them.
>
> That's a tricky issue (who do you trust to "approve" sites?) as well as totally
> unrelated to netfilter.
>
>
> Phil
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: olug-unsubscribe at bstc.net
> For additional commands, e-mail: olug-help at bstc.net
>
>
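
Added example, not part of the original messages: a small per-client summary of a Squid access.log, the kind of report the reply above suggests having mailed to you. It assumes Squid's default native log format; the sample lines, addresses and host names are constructed.

```python
from collections import Counter, defaultdict
from urllib.parse import urlsplit

# Constructed sample lines in Squid's native access.log format:
# time elapsed client action/code bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
992645531.123    210 192.168.1.20 TCP_MISS/200 4312 GET http://www.example.org/index.html - DIRECT/203.0.113.10 text/html
992645540.456     95 192.168.1.20 TCP_HIT/200 1820 GET http://www.example.org/logo.gif - NONE/- image/gif
992645600.789    340 192.168.1.20 TCP_MISS/200 9120 GET http://games.example.net:8000/play?id=7 - DIRECT/203.0.113.20 text/html
992645700.001   1500 192.168.1.20 TCP_MISS/200 5300 CONNECT secure.example.com:443 - DIRECT/203.0.113.30 -
992645800.002     12 192.168.1.20 TCP_DENIED/403 1100 GET http://blocked.example.net/ - NONE/- text/html
992645900.003    180 192.168.1.30 TCP_MISS/200 2048 GET http://www.example.org/news.html - DIRECT/203.0.113.10 text/html
this line is truncated
"""

def host_of(method, url):
    """Return the lowercase host; CONNECT entries log host:port, not a URL."""
    if method == "CONNECT":
        return url.rsplit(":", 1)[0].lower()
    return (urlsplit(url).hostname or "").lower()

def summarise(log_text):
    """Return (visited, denied): client IP -> Counter of requested hosts."""
    visited, denied = defaultdict(Counter), defaultdict(Counter)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7 or "/" not in fields[3]:
            continue  # skip malformed or truncated lines
        client, action, method, url = fields[2], fields[3], fields[5], fields[6]
        host = host_of(method, url)
        if host:
            bucket = denied if action.startswith("TCP_DENIED") else visited
            bucket[client][host] += 1
    return visited, denied

def report(log_text):
    """Build a plain-text report suitable for mailing, one block per client."""
    visited, denied = summarise(log_text)
    lines = []
    for client in sorted(set(visited) | set(denied)):
        lines.append(f"{client}:")
        for host, n in visited[client].most_common():
            lines.append(f"  {n:4d}  {host}")
        for host, n in denied[client].most_common():
            lines.append(f"  {n:4d}  {host}  (denied)")
    return "\n".join(lines)

if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

Requests Squid refused (TCP_DENIED) are listed separately from pages actually fetched, so attempts to reach sites outside an approved list stand out in the report.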

