From: "Spiros Papadopoulos"
To: RW, "Steve Bertrand", "Ted Mittelstaedt"
Cc: freebsd mailing list
Date: Sun, 3 Jun 2007 01:56:13 -0400
Subject: Fwd: Squid and IPFW

Sorry, forgot to add the list...

Hi again,

On 01/06/07, RW wrote:
>
> Are you really sure you want to do that way?

I am sure about me wanting to use FreeBSD and I am sure about me liking
IPFW. *I am not sure* if it is the best way of doing this, but I believe
that if you know how to set up the system and IPFW appropriately, then it
can be a very good firewall solution. I am also sure that if you set up
something like this from scratch and you are not an expert, it would need
time before it becomes strong enough. I am not an expert and unfortunately
my time is being shared between multiple things at the moment, even though
I would like to concentrate only on this...

> Squid won't be able to
> control access to https or ftp. And what about http on non-standard
> ports, e.g. http://easynews.com:81

These are consequent questions. What would you recommend on this? As I
mentioned, I sent this post quite in advance. Before I start setting up.

> without setting this on each workstation?
>
> http://wiki.squid-cache.org/SquidFaq/ConfiguringBrowsers has some options

It is not for a home network. I wouldn't want to have to set each
workstation's browser settings. Especially since there is another way of
doing this.

On 02/06/07, Steve Bertrand wrote:
>
> > The people that are smart enough to get around this kind of a block
> > in an organization are generally not the problem. It is the morons that
> > have no concept of appropriate use of the Internet in the workplace
> > who are the problems, and they will be effectively stopped. :o)
>
> I agree with Ted here. It's the inappropriate web surfers who are the
> main problem, however, traffic filters will catch people using odd
> ports, and firewall rules are there to fix this.

I know from experience, and it is a fact, that traffic/packet filters can
be used effectively to strengthen the firewall rules.

> > I use much the same setup for my 8 year old son. He only gets Internet
> > access to websites that we have approved and added to the squid list.
>
> May I make a recommendation for DansGuardian for home users. I have used
> it for a few years now, and instead of maintaining just a single list of
> allowed sites, it does a fantastic job of filtering the actual content,
> images, URLs and a bunch of other things.
>
> Of course physical observance is the best approach, but the
> Squid/Dansguardian approach works exceptionally well when you have to
> walk away. (I have 4 kids ranging from 5 to 13).

Kids feel "at home" when they are at home. They wouldn't hesitate to type
i.e. sex.com or do anything else on *their* browser! Most employers
(especially those morons that don't know what they do) would hesitate, for
many obvious reasons that don't need to be mentioned here.

..I am not disregarding or commenting on Dansguardian here, which I haven't
personally used.

Spiros

--
Spiros P.