Date: Mon, 8 Oct 2001 19:06:16 +0200 From: Alson van der Meulen <alm@flutnet.org> To: FreeBSD Questions <FreeBSD-questions@FreeBSD.ORG> Subject: Re: Network -> Internet Filtering Message-ID: <20011008190616.D24409@md2.mediadesign.nl> In-Reply-To: <3BBFA1BB.83DE94D7@uwi.tt> References: <3BBFA1BB.83DE94D7@uwi.tt>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, Oct 06, 2001 at 08:28:43PM -0400, Dale Chulhan - Home wrote: > I currently have several labas at a school attached to one interface of > my checkpoint firewall and I was wondering the following: > > 1) What's the best method to automatically deny an ip address access > from the internet when certain keywords are matched > 2) How can I limit groups of sites by time? > 3) How can I filter content by type ( say .mp3, .pdf etc.... ) by time > and group? > 4) How can I filter downloaded file sizes by type by time and group? Download sizes is the only thing you can't control AFAIK, only the max size of files the proxy will _cache_. But just limitting bandwidth to some low value per IP should prevent large downloads ;) > 5) How can I throttle bandwitdh on a per IP basis? Have a look at the 'oops' proxy server (/usr/ports/www/oops). The only way to do filtering on HTTP level is running a proxy server (possibly transparant) and _not_ NATting HTTP traffic. Oops' ACLs can match by time, url regular expresion, port, destination domain, destination domain regexp, source ip and time. You can combine multiple ACLs in a acl_deny statement. IIRC, squid can also do these things, except bandwidth limitting. You could also throttle bandwidth using dummynet, though I'm not sure if you can control _per IP_ bandwidth with dummynet. -- ,-------------------------------------------. > Name: Alson van der Meulen < > Personal: alson@flutnet.org < > School: alson@gymnasiumleiden.nl < `-------------------------------------------' hey, what does mkfs do? --------------------------------------------- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011008190616.D24409>