From: Wayne Pascoe
To: Dale Chulhan - Home
Cc: freebsd-questions@freebsd.org
Subject: Re: Network -> Internet Filtering
Date: 04 Oct 2001 11:28:51 +0100

Dale Chulhan - Home writes:

> Dear List,
>
> I currently have several labs at a school attached to one interface of
> my checkpoint firewall and I was wondering the following:
>
> 1) What's the best method to automatically deny an ip address access
> from the internet when certain keywords are matched
> 2) How can I limit groups of sites by time?
> 3) How can I filter content by type ( say .mp3, .pdf etc.... ) by time
> and group?
> 4) How can I filter downloaded file sizes by type by time and group?
> 5) How can I throttle bandwidth on a per IP basis?

I would suggest that you look at squid as a proxy server in the first
instance. Have your firewall transparently redirect all outgoing traffic
to port 80 or 21 to the proxy server. Let the proxy server handle the
requests. This will also save bandwidth when many people view the same
site.

I don't really know about keywords, but squid is quite configurable.

For the bandwidth throttling, see the other discussions here about fair
bandwidth sharing.

-- 
Wayne Pascoe
Things fall apart; the center cannot hold;
Mere anarchy is loosed upon the world. - Yeats
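
Added example, not part of the original message or of anyone's posted configuration: a squid.conf fragment sketching how questions 1, 2, 3 and 5 map onto squid ACLs and delay pools once HTTP traffic is redirected to the proxy. The subnet, hours, file extensions, word-list path and rate are assumed placeholders, and the keyword ACL matches words in the requested URL only, denying the request rather than banning the client address.

```conf
# --- Constructed example: every value below is a placeholder ---

# Who: the lab machines behind the firewall interface (assumed subnet).
acl labs src 192.168.10.0/24

# When: Monday to Friday, school hours (assumed times).
# Day codes: S M T W H F A = Sun Mon Tue Wed Thu Fri Sat.
acl school_hours time MTWHF 08:00-15:30

# What: file types, matched case-insensitively on the URL path.
acl media_files urlpath_regex -i \.(mp3|pdf)$

# Keywords: one regex per line in an external file (hypothetical path).
# This inspects the URL, not the page body.
acl blocked_words url_regex -i "/usr/local/etc/squid/blocked_words.txt"

# Rules are evaluated top to bottom; the first match wins.
# ACLs on one line are ANDed together.
http_access deny labs blocked_words
http_access deny labs media_files school_hours
http_access allow labs
http_access deny all

# Per-IP throttling. Requires squid built with --enable-delay-pools.
# Class 2 = one aggregate bucket plus one bucket per client address.
delay_pools 1
delay_class 1 2
# aggregate unlimited (-1/-1); each client 16000 bytes/s, 16000 byte burst
delay_parameters 1 -1/-1 16000/16000
delay_access 1 allow labs
delay_access 1 deny all
```

Run `squid -k parse` after editing to catch syntax errors before reloading, and confirm in access.log that denied requests show up as TCP_DENIED.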