 From:  Chris Olive <chris at technologEase dot com>
 To:  Mr Paul J Ogilvie <support at stmc dot bc dot ca>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Website Filtering Plug-in?
 Date:  Thu, 09 Sep 2004 13:01:40 -0400
Mr Paul J Ogilvie wrote:

>Does anyone know if there is some sort of web filter that can be added to
>m0n0wall?  We are looking to add in the ability to deny access to certain
>websites based on either name or content, to the already rock solid
>abilities of the m0n0wall.  Any ideas or suggestions?

The key to network-based defense is /divide et impera/ -- "divide and 
conquer."  A layered approach is best on several fronts.  Let your 
firewall do the firewalling and for web filtering, use/build a web 
filtering appliance.  It's rather easy to build a very nice Squid proxy 
server using the mini-itx footprint (with Webmin for the front-end 
management).  For white-list proxying, Squid works rather well.  For 
rules-based filtering, DansGuardian (which can work in conjunction 
with Squid) is hard to beat:

http://www.mini-itx.com (state-side, it's a lot cheaper to buy these 
through state-side retailers -- Google for them)

Set m0n0wall to block all out-going traffic on ports 80, 8080, 6588 and 
3128.  Point your browsers to your internal proxy server and punch a 
hole for your web filtering appliance.  Transparent proxying can be 
handled using m0n0wall and another box (using netfilter, for example).  
MW alone will not provide transparent proxying.

I run all this at home (10 clients -- WinXP, W2K, MacOSX, Linux) and 
it's ROCK SOLID.  Commercial grade, centralized firewall (MW) and web 
filtering protection (Squid/DansGuardian) for the entire family...  
Puts the gimmicky stuff you see at Best Buy and Circuit City to shame.

chris olive
chris at technologEase dot com
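
Added example, not part of the original message: a small Python audit of the egress policy described above (only the filtering box may leave the LAN on ports 80, 8080, 6588 and 3128). It assumes first-match rule evaluation with a default deny; the addresses, rule sets and the Rule/decide/audit names are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

WEB_PORTS = (80, 8080, 6588, 3128)   # ports named in the message

@dataclass(frozen=True)
class Rule:
    action: str          # "pass" or "block"
    src: str             # source network in CIDR form
    ports: tuple = ()    # destination TCP ports; empty tuple = any port

def decide(rules, src_ip, dport):
    """Return the action of the first matching rule (assumed default: block)."""
    addr = ipaddress.ip_address(src_ip)
    for r in rules:
        if addr in ipaddress.ip_network(r.src) and (not r.ports or dport in r.ports):
            return r.action
    return "block"

def audit(rules, proxy_ip, client_ips):
    """List (ip, port, problem) tuples where the policy is not enforced."""
    findings = []
    for port in WEB_PORTS:
        if decide(rules, proxy_ip, port) != "pass":
            findings.append((proxy_ip, port, "proxy blocked"))
        for ip in client_ips:
            if decide(rules, ip, port) != "block":
                findings.append((ip, port, "client bypasses proxy"))
    return findings

# Constructed sample data: addresses and rule sets are illustrative only.
PROXY = "192.168.1.10"
CLIENTS = ["192.168.1.50", "192.168.1.51"]
LAN = "192.168.1.0/24"

GOOD = [
    Rule("pass", PROXY + "/32", WEB_PORTS),   # hole for the filtering box
    Rule("block", LAN, WEB_PORTS),            # everyone else must use the proxy
    Rule("pass", LAN),                        # remaining LAN traffic
]
# Same rules with the block listed first: the proxy can no longer get out.
BLOCK_FIRST = [GOOD[1], GOOD[0], GOOD[2]]
# Block rule omits 6588 and 3128: clients can still reach outside proxies.
INCOMPLETE = [GOOD[0], Rule("block", LAN, (80, 8080)), GOOD[2]]

if __name__ == "__main__":
    for name, rs in (("good", GOOD), ("block-first", BLOCK_FIRST), ("incomplete", INCOMPLETE)):
        print(name, audit(rs, PROXY, CLIENTS))
```

The two failing rule sets show the common mistakes: placing the block ahead of the proxy exception, and blocking only some of the listed ports.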