Date: Sat, 07 Jul 2007 17:08:32 -0400 From: Steve Bertrand <iaccounts@ibctech.ca> To: Jeffrey Goldberg <jeffrey@goldmark.org> Cc: RW <fbsd06@mlists.homeunix.com>, "freebsd-questions@freebsd.org List" <freebsd-questions@freebsd.org> Subject: Re: parental control with squid and dansguardian Message-ID: <469000D0.2010207@ibctech.ca> In-Reply-To: <5F454B70-73EE-442F-BA4A-5833920953CF@goldmark.org> References: <28511e606938ca3af6624a90fa5798e9@szalbot.homedns.org> <20070706203359.411e7416@gumby.homeunix.com.> <5F454B70-73EE-442F-BA4A-5833920953CF@goldmark.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Jeffrey Goldberg wrote: > On Jul 6, 2007, at 2:33 PM, RW wrote: >> If this box is not the gateway, there is no point in doing anything >> about this because they can simply turn-off proxying and go direct to >> the internet. > > However, on your gateway you can specify that only the proxy box is > allowed to connect to the web. That is block all outbound traffic to > ports 80 and 443 unless they come from the machine running squid. This is of course granted that the gateway has a strict firewall rule set that allows minimal, known destination ports and by default would block external, free proxies (and anything else) that run on unusual ports (eg: 50001) as someone else suggested. Steve
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?469000D0.2010207>