>Hello, I am looking for a solution to control the ability of blocking
>websites, or shall I say block all and allow certain authorised websites. I
>like the compactness of M0N0Wall, and I am wondering if there is a way of
>doing this with this system. Any ideas?
IMO, it would be really painstaking to do this using m0n0wall. MW is
great for what it was meant to do.
The better way would be to use MW to block all out-going traffic on port
80 (and any other proxy-specific ports if you *really* want to lock down
your network and prevent connections to outside "public proxy servers"
from savvy internal users -- ports like 3128, 8080 and 6588). Then set
up a proxy server to proxy allowed requests for your internal users. It
sounds also like you are wanting to run a "whitelist" proxy server.
Squid works great for this and will run on commodity hardware (somewhat
-- memory and hard-drive space are somewhat at issue depending on the
traffic you want to proxy). If you want something a bit more flexible
than a whitelist proxy server, look into Dan's Guardian. DG and Squid
can be made to work together also.
I run a whitelist Squid proxy server at home on a mini ITX footprint
machine that is *almost* as compact as MW on Soekris. See
http://www.mini-itx.com and look at their self-build Cupid boxes for an
example of what I'm talking about. (I didn't buy mine from that site
however.) Very nice solution and leaves MW to do the firewalling work
and my Squid box to do the proxying work. This is the solution I would
(I just saw you are in the UK; http://www.mini-itx.com is UK-based,
ironically, so it could make sense for you to use them if you decide to
go this route.)
chris at technologEase dot com
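
The whitelist proxy described in the reply above, written out as a squid.conf fragment. This is an added example, not the poster's own configuration; the LAN range, the whitelist file path and the listening port are assumptions to adapt to your network.

```conf
# Constructed example: the addresses, file path and port are assumptions.

# Port the internal browsers are pointed at.
http_port 3128

# Internal clients that may use the proxy (assumed LAN range).
acl localnet src 192.168.1.0/24

# Authorised sites, one domain per line in the file (assumed path).
# A leading dot, e.g. ".example.com", also matches subdomains.
acl whitelist dstdomain "/etc/squid/whitelist.txt"

# CONNECT tunnels are only accepted towards port 443, so the proxy
# cannot be used to tunnel to arbitrary ports.
acl SSL_ports port 443
acl CONNECT method CONNECT
http_access deny CONNECT !SSL_ports

# Allow listed destinations for LAN clients, refuse everything else.
# Squid evaluates http_access rules top to bottom, first match wins.
http_access allow localnet whitelist
http_access deny all
```

The whitelist is only enforced if the firewall refuses direct outbound web traffic from every internal host except the proxy box, as the reply describes.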