How to block porn sites from iptables

1,138 views
Skip to first unread message

Prabin jha

unread,
Jan 24, 2012, 10:02:14 PM1/24/12
to FOSS Nepal
Can any body help me, Is there any way to block all porn sites from
linux iptables ??

Lava Kafle

unread,
Jan 24, 2012, 11:23:15 PM1/24/12
to foss-...@googlegroups.com
It looks impossible to me becuase Those IPs can variate proxied ..
Lava Kafle
Ms by Research in Computer Science 
Kathmandu University
cell: 
9841224387
9001034557





On Wed, Jan 25, 2012 at 8:47 AM, Prabin jha <foss...@gmail.com> wrote:
iptables

Gaurav Ghimire

unread,
Jan 24, 2012, 11:44:15 PM1/24/12
to foss-...@googlegroups.com
Practically its impossible. I would suggest you use a proxy server along with a web filter and use iptables to block generic outbound ports that might provide a way to bypass the filter.. Dansguardian combined with squid is generally used for the purpose.

--gaurav

On Jan 25, 2012, at 8:47 AM, Prabin jha wrote:

> Can any body help me, Is there any way to block all porn sites from
> linux iptables ??
>

> --
> FOSS Nepal mailing list: foss-...@googlegroups.com
> http://groups.google.com/group/foss-nepal
> To unsubscribe, e-mail: foss-nepal+...@googlegroups.com
>
> Mailing List Guidelines: http://wiki.fossnepal.org/index.php?title=Mailing_List_Guidelines
> Community website: http://www.fossnepal.org/

Samar Dhwoj Acharya

unread,
Jan 25, 2012, 9:51:58 AM1/25/12
to FOSS Nepal
Practically, this is nearly impossible. Just think: How many porn
websites are out there? It would be practically impossible to drop
packets of every such porn websites even if you wrote an automated
script to do so. Many filtering systems implement web proxy system
with a generic list of banned websites and also make use of keyword
based system. But again, even if the filtering systems implemented
multiple level of blocking, people have found the ways to break
through such blockings(as in case of cleanfeed). I've heard McAfee Web
Gateaway and Barracuda Web Security Flex are good products. All I have
to say is using iptables to block porn websites would not be
effective. This site lists some content filtering softwares but not
all. http://www.timberlinetechnologies.com/products/contentfilt.html

And remember security practice is merely a process of decreasing the
probability of unwanted actions(& its effect) to the system.

Suraj Sapkota

unread,
Jan 25, 2012, 12:13:34 PM1/25/12
to foss-...@googlegroups.com
Prabin,
1. Use openDNS parental control. Setup these IP as DNS server for your network: 208.67.222.222 and 208.67.220.222
2. Using iptables at your gateway, filter out all the request in port 53 except the above two ips. 
3. After this only the folks with IP can open up the porn sites. Watch out for hackers within your network ;)


Alternatively you can install dansguardian as suggested by Gaurav.


On Wed, Jan 25, 2012 at 8:32 AM, Prabin jha <foss...@gmail.com> wrote:
Can any body help me, Is there any way to block all porn sites from
linux iptables ??

Abhishek Singh

unread,
Jan 25, 2012, 11:42:37 PM1/25/12
to foss-...@googlegroups.com
I would suggest a combination of iptables + squid + dansguardian. OpenDNS, as Suraj suggested is a good way too. You can use iptables or squid to block specific websites that you know. In addition squid supports a regex way for filtering websites that shall help a lot. Dansguardian is a content filter which you can customize (through configurations) to block out many materials related to pornography and vandalism.

But all these security measures can be circumvented if a vpn or web proxy is used.

-- 
Abhishek Singh
FOSS Nepal Community
http://wiki.fossnepal.org
signature.asc

prabin jha

unread,
Jan 27, 2012, 12:00:30 AM1/27/12
to foss-...@googlegroups.com
Thanks for your valuable time and supports 
--
Prabin  Jha
KCC-FOSS-Community
foss...@gmail.com
prabi...@dps.edu.np
naturalfa...@yahoo.com
naturalfa...@hotmail.com
Reply all
Reply to author
Forward
0 new messages