[clug-talk] RE: Internet Filtering

Gustin Johnson gustin at echostar.ca
Sun Sep 11 04:02:52 PDT 2005

You need iptables to force all outbound traffic through dansguardian, or else it
is trivial to bypass.  With an iptables firewall you set up an invisible proxy
so that all outbound traffic is redirected through dansguardian.  Also, with
dansguardian on the firewall, if anyone brings a laptop over or boots your
computer with knoppix, dansguardian is still used.

Just some of my thoughts.
No trees were harmed in the transmission of this message, however a large
number of electrons were seriously inconvenienced.

Quoting Mike Bougie <mike.bougie at gmail.com>:

> I'm leaning more towards the dansguardian side as I already have a
> DLink router with hardware firewall built into it and see no reason to
> change that.
> Furthermore, what I'm requiring isn't a firewall, but a
> "Don'tGoThereWall" so to speak. I need something that will identify a
> targeted site as unsuitable for a family and block access. Also, it'd
> be swell if a log was created and e-mailed to a user's account. :P
> Am I right in thinking that dansguardian is what I'm looking for?
> ~Mike
> On 9/9/05, Jarrod Major <jmajor at nucleus.com> wrote:
>> On Friday 09 September 2005 11:39 am, Greg King wrote:
>> > identity port open). The power bill alone for a PC based firewall left
>> > running 24x7 for a reasonable amount of time is probably greater than the
>> > purchase price of this device, which operates with very low power
>> > requirements.
>> >
>> > It's not as interesting to setup/ tweak, but it is very cheap to own and
>> > operate.
>> I'm not going to disagree with you, a hardware firewall/router is a good
>> cheap way of protecting yourself.
>> It would be nice to see one of the smaller form factor devices put to
>> something like this task. Such a computer would have much less power
>> requirements than a full-blown computer system. As Dave mentioned you can
>> run headless so this would cut down on some power consumption. My system is a
>> P266 with like a 1 or 2 Gb hard drive, you don't need much more than 40Mb for
>> the install and the rest is for logs. It's an older power supply so I imagine
>> it's something in the neighbourhood of 250W instead of the >400W ps's out
>> now. I use a KVM for my IPCop box and my server and I usually have the
>> monitor turned off.
>> I would dearly love to run this on something like Gumstix or one of those
>> custom tiny computers. However, size comes at a price. You can't beat the
>> deal your son got, that's awesome! Furthermore, companies like DLink and
>> Linksys release firmware updates to their devices from time to time so you
>> might see some additional features added down the road.
>> Shawn's comment is viable, a lot of us have an old system kicking around
>> that are quite suitable to the task so the initial outlay of cash is nil.
>> It's the
>> cost of power that would become significant over time. Ah, to have all high
>> efficiency devices would be a nice thing.
>> Valid points Greg, thanks for the reminder.
>> --
>> Jarrod Major
>> GPG Fingerprint: 4556 EFA8 EC69 7C54 EE33  C881 2C7C 0E10 2439 231E
>> _______________________________________________
>> clug-talk mailing list
>> clug-talk at clug.ca
>> http://clug.ca/mailman/listinfo/clug-talk_clug.ca
>> Mailing List Guidelines (http://clug.ca/ml_guidelines.php)
>> **Please remove these lines when replying
> --
> Mike Bougie
> http://mikeandrose.blogspot.com
> Linux User 394239
> 697D3 F03C9 455B5 98819 9A83A 10F5C 4A710 34A0A

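The redirect described in the reply above, sketched as an added example that is not part of the original message or of dansguardian's own documentation. It assumes a Linux gateway with the LAN on `eth1`, dansguardian listening on port 8080, an upstream proxy on port 3128 running as user `squid`; all of these names and ports are assumptions to adjust.

```shell
#!/bin/sh
# Added example: transparent-proxy rules for a gateway running dansguardian.
# Assumed values (not from the thread); override them in the environment.
LAN_IF="${LAN_IF:-eth1}"            # interface facing the home network
FILTER_PORT="${FILTER_PORT:-8080}"  # port dansguardian listens on
PROXY_PORT="${PROXY_PORT:-3128}"    # unfiltered upstream proxy behind it
PROXY_USER="${PROXY_USER:-squid}"   # account the upstream proxy runs as

# Emit the rule set, one iptables argument list per line.
filter_rules() {
    # Any web request entering from the LAN is rewritten to land on
    # dansguardian, whatever proxy settings the client has (or lacks).
    echo "-t nat -A PREROUTING -i $LAN_IF -p tcp --dport 80 -j REDIRECT --to-ports $FILTER_PORT"
    # Same for users logged in on the gateway itself; the upstream proxy's
    # own fetches are exempt, otherwise they would loop back into the filter.
    echo "-t nat -A OUTPUT -p tcp --dport 80 -m owner ! --uid-owner $PROXY_USER -j REDIRECT --to-ports $FILTER_PORT"
    # LAN clients must not reach the unfiltered proxy port directly.
    echo "-A INPUT -i $LAN_IF -p tcp --dport $PROXY_PORT -j REJECT"
}

# Install the rules (needs root). Word splitting of $rule is intentional.
apply_rules() {
    filter_rules | while read -r rule; do
        iptables $rule || return 1
    done
}

# Default is a dry run that only prints the rules for review.
if [ "${APPLY:-0}" = 1 ]; then
    apply_rules
else
    filter_rules
fi
```

Run as root with `APPLY=1` to install the rules; without it the script only prints them. Only port 80 is redirected here, so the FORWARD chain still has to deny other outbound ports for the filter to be unavoidable.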