Content Filtering - implementation thread to support bounty posted.
-
Yes, my tests on my box show this is intensive. I have it running on a PII-400 with 378mb ram and its no speed demon. (especially since this is all it is doing pretty much) I can easily see how if you wanted to throw a real load at this you would need some serious beef behind it.
Regardless, your points are well taken. The more I work on this, the more I realise this is fairly complex. BTW, webmin has a nice module for tweaking DansGuardian at the moment.
@submicron:
Given all the problems that the squid package, by itself, has had, doing a one-size-fits-all setup with squid+dansguardian is going to be pretty damned hard.
The bounty is now $300 for a generic pc install, plus an additional $400 for an embedded version. It's obvious it isn't going to be easy because no one is jumping at it! ;)
-
Yeah, Content Filtering isn't exactly sexy or interesting and the chances of this turning into a major support nightmare are pretty strong. As I understand it, the squid package annoys Scott immensely, so you can imagine squid coupled with something like Dansguardian.
-
I for their own necessities has maked this
http://forum.pfsense.org/index.php/topic,3111.0.html
I do not know as this place to project (if this it is necessary to any body) -
I for their own necessities has maked this
http://forum.pfsense.org/index.php/topic,3111.0.html
I do not know as this place to project (if this it is necessary to any body)Very interesting. Thanks for sharing your work!
-
I am not quite sure I want to go the route of dansguardian yet. That and I have other more pressing issues.
I personally think squid auth is more important then filtering. That's because of personal and work bias. I have a working squid with auth installation on linux, so if I can migrate it to pfsense in a workable fashion that gets priority.
And my company doesn't bother with filtering. Most dutch people are probably to liberal that the filter would likely end up annoying a lot of people.
Squid with auth means people are not anonymous whilst accessing whatever they normally do. It's not untill a manager puts in a request that we even look at it.
-
Content Filtering can also be done in a more easy way. I know that DansGuardian is a complete and automatic solution but implementing it on a CF is probably not the fastest way to have that option in the embedded version. So… let's look in a different way. At home I have a normal Netgear router. Although verry basic, it has an 'content filter' and a service (port) filter). The content filter is just a tekst box where you can put in words en webadresses. It is time based and you can exclude one ipadres. The service blocker is a port filter and you can block a specific service (https, telnet, Quake, NetMeetink, or numberd tcp, udp, tcp/udp, etc....), is also time-based and ip adres/range based. When somebody try to visit a forbiden site the get a nice message in the explorer.
I think my Soekris 4601 must be powerfull enough to support an option like this and a bit more expanded. Multiple time-schedules, more ipadresses to exclude /include, an option to block all trafic execept a list of specific websites and services (ports). Editable message (html based). The netgear router does also have an option to mail a daily report who violated the rules.I believe that this is a much easier way of contentblocking, faster to implement and a lot quicker available. More importand, enough functionality to support home and small offices.
Who wants to pick up this quest and can come-up with a working solution in let's say 2 month's or so.
Donation 175$
-
that looks to me a lot more work then just make a webinterface for a existing program like dansguardian
-
Dansgaurdian is not as nice as URLfilter - http://www.urlfilter.net/. I have used both on IPCop before and URLfilter is much easier and seems faster. At least on the same hardware it seemed to not load it down as much. Also there are some nice additional add-ons that go with it.
-
Possible make several alternative packages, but I do not see as created packages possible to install without change(modification) the code pfsense.
May be a developers will add possibility to indicate other catalogues(directories) a package from GUI? -
Once more redirector for squid _http://www.rejik.ru/index_en.html
Very popular redirector project in .RU zone -
i use squid as my content filter already.. I believe the biggest issue would be to build a gui for it.. just do a search on bsd + transparent squid proxy…