Mr Paul J Ogilvie wrote:
>Does anyone know if there is some sort of web filter that can be added to
>m0n0wall? We are looking to add in the ability to deny access to certain
>websites based on either name or content, to the already rock solid
>abilities of the m0n0wall. Any ideas or suggestions?

The key to network-based defense is /divide et impera/ -- "divide and
conquer." A layered approach is best on several fronts. Let your
firewall do the firewalling, and for web filtering, use/build a web
filtering appliance. It's rather easy to build a very nice Squid proxy
server using the mini-itx footprint (with Webmin for the front-end
management). For white-list proxying, Squid works rather well. For
rules-based filtering, DansGuardian (which can work in conjunction
with Squid) is hard to beat:

http://www.mini-itx.com (state-side, it's a lot cheaper to buy these
through state-side retailers -- Google for them)

Set m0n0wall to block all out-going traffic on ports 80, 8080, 6588 and
3128. Point your browsers to your internal proxy server and punch a
hole for your web filtering appliance. Transparent proxying can be
handled using m0n0wall and another box (using netfilter, for example).
MW alone will not provide transparent proxying.

I run all this at home (10 clients -- WinXP, W2K, MacOSX, Linux) and
it's ROCK SOLID. Commercial grade, centralized firewall (MW) and web
filtering protection (Squid/DansGuardian) for the entire family...
Puts the gimmicky stuff you see at Best Buy and Circuit City to shame.

chris at technologEase dot com
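
The egress policy described in the reply (block ports 80, 8080, 6588 and 3128 outbound, with a hole for the filtering appliance) can be sanity-checked offline before it goes on the firewall. The following is an added example, not part of the original post or of m0n0wall: it assumes first-match rule evaluation, and the addresses and rule tuples are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

WEB_PORTS = {80, 8080, 6588, 3128}   # ports the post says to block outbound
PROXY = "192.168.1.10"               # constructed address of the filtering box
LAN = "192.168.1.0/24"               # constructed LAN subnet

# Hypothetical rule model: (action, source network, destination ports; None = any)
GOOD_RULES = [
    ("pass",  PROXY + "/32", WEB_PORTS),  # the hole for the appliance
    ("block", LAN,           WEB_PORTS),  # everyone else must use the proxy
    ("pass",  LAN,           None),       # remaining LAN traffic
]
# Same rules with the hole placed after the block: the proxy is cut off too.
BAD_RULES = [GOOD_RULES[1], GOOD_RULES[0], GOOD_RULES[2]]


def decide(rules, src, dport):
    """Return the action of the first rule matching src/dport (default: block)."""
    for action, net, ports in rules:
        if ip_address(src) in ip_network(net) and (ports is None or dport in ports):
            return action
    return "block"


def audit(rules, clients):
    """List violations: a client that can bypass the proxy, or a blocked proxy."""
    problems = []
    for port in sorted(WEB_PORTS):
        if decide(rules, PROXY, port) != "pass":
            problems.append(f"proxy {PROXY} blocked on port {port}")
        for client in clients:
            if decide(rules, client, port) != "block":
                problems.append(f"client {client} can bypass proxy on port {port}")
    return problems


if __name__ == "__main__":
    clients = ["192.168.1.21", "192.168.1.22"]  # constructed client addresses
    for name, rules in (("good", GOOD_RULES), ("bad", BAD_RULES)):
        print(name, audit(rules, clients) or "policy holds")
```

With the hole listed first the audit is clean; with the order swapped, every web port is reported as blocked for the proxy itself.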