Mr Paul J Ogilvie wrote:

>Does anyone know if there is some sort of web filter that can be added to
>m0n0wall? We are looking to add in the ability to deny access to certain
>websites based on either name or content, to the already rock solid
>abilities of the m0n0wall. Any ideas or suggestions?
>

The key to network-based defense is /divide et impera/ -- "divide and conquer." A layered approach is best on several fronts. Let your firewall do the firewalling, and for web filtering, use/build a web filtering appliance.

It's rather easy to build a very nice Squid proxy server using the mini-itx footprint (with Webmin for the front-end management). For white-list proxying, Squid works rather well. For rules-based filtering, Dan's Guardian (which can work in conjunction with Squid) is hard to beat:

http://www.mini-itx.com (state-side, it's a lot cheaper to buy these through state-side retailers -- Google for them)
http://www.squid-cache.org
http://dansguardian.org

Set m0n0wall to block all out-going traffic on ports 80, 8080, 6588 and 3128. Point your browsers to your internal proxy server and punch a hole for your web filtering appliance.

Transparent proxying can be handled using m0n0wall and another box (using netfilter, for example). MW alone will not provide transparent proxying.

I run all this at home (10 clients -- WinXP, W2K, MacOSX, Linux) and it's ROCK SOLID. Commercial grade, centralized firewall (MW) and web filtering protection (Squid/Dan's Guardian) for the entire family... Puts the gimmicky stuff you see at Best Buy and Circuit City to shame.

HTH,
-chris

-----
chris olive
chris at technologEase dot com