How to block porn sites from iptables

[Prabin jha]

Can any body help me, Is there any way to block all porn sites from
linux iptables ??

[Lava Kafle]

It looks impossible to me becuase Those IPs can variate proxied ..
Lava Kafle
Ms by Research in Computer Science 

Kathmandu University
cell: 

9841224387
9001034557

On Wed, Jan 25, 2012 at 8:47 AM, Prabin jha <foss...@gmail.com> wrote:

iptables

[Gaurav Ghimire]

Practically its impossible. I would suggest you use a proxy server along with a web filter and use iptables to block generic outbound ports that might provide a way to bypass the filter.. Dansguardian combined with squid is generally used for the purpose.

--gaurav

On Jan 25, 2012, at 8:47 AM, Prabin jha wrote:

> Can any body help me, Is there any way to block all porn sites from
> linux iptables ??
>

> --
> FOSS Nepal mailing list: foss-...@googlegroups.com
> http://groups.google.com/group/foss-nepal
> To unsubscribe, e-mail: foss-nepal+...@googlegroups.com
>
> Mailing List Guidelines: http://wiki.fossnepal.org/index.php?title=Mailing_List_Guidelines
> Community website: http://www.fossnepal.org/

[Samar Dhwoj Acharya]

Practically, this is nearly impossible. Just think: How many porn
websites are out there? It would be practically impossible to drop
packets of every such porn websites even if you wrote an automated
script to do so. Many filtering systems implement web proxy system
with a generic list of banned websites and also make use of keyword
based system. But again, even if the filtering systems implemented
multiple level of blocking, people have found the ways to break
through such blockings(as in case of cleanfeed). I've heard McAfee Web
Gateaway and Barracuda Web Security Flex are good products. All I have
to say is using iptables to block porn websites would not be
effective. This site lists some content filtering softwares but not
all. http://www.timberlinetechnologies.com/products/contentfilt.html

And remember security practice is merely a process of decreasing the
probability of unwanted actions(& its effect) to the system.

[Suraj Sapkota]

Prabin,

1. Use openDNS parental control. Setup these IP as DNS server for your network: 208.67.222.222 and 208.67.220.222

2. Using iptables at your gateway, filter out all the request in port 53 except the above two ips. 

3. After this only the folks with IP can open up the porn sites. Watch out for hackers within your network ;)

Alternatively you can install dansguardian as suggested by Gaurav.

On Wed, Jan 25, 2012 at 8:32 AM, Prabin jha <foss...@gmail.com> wrote:

Can any body help me, Is there any way to block all porn sites from
linux iptables ??

--
FOSS Nepal mailing list: foss-...@googlegroups.com
http://groups.google.com/group/foss-nepal
To unsubscribe, e-mail: foss-nepal+...@googlegroups.com

Mailing List Guidelines: http://wiki.fossnepal.org/index.php?title=Mailing_List_Guidelines
Community website:

http://www.fossnepal.org/

--
Suraj Sapkota
PicoVico.com

ssapkota@{twitter,flickr,gmail}

[Abhishek Singh]

I would suggest a combination of iptables + squid + dansguardian. OpenDNS, as Suraj suggested is a good way too. You can use iptables or squid to block specific websites that you know. In addition squid supports a regex way for filtering websites that shall help a lot. Dansguardian is a content filter which you can customize (through configurations) to block out many materials related to pornography and vandalism.

But all these security measures can be circumvented if a vpn or web proxy is used.

-- 
Abhishek Singh
FOSS Nepal Community
http://wiki.fossnepal.org

[prabin jha]

Thanks for your valuable time and supports 

--
Prabin  Jha
KCC-FOSS-Community
foss...@gmail.com
prabi...@dps.edu.np
naturalfa...@yahoo.com
naturalfa...@hotmail.com