[Pfilter-users] Re: pfilter
Brought to you by:
ngorsuch
Menu
▾
▴
[Pfilter-users] Re: pfilter
|
From: Neil G. <ngo...@nc...> - 2002-01-20 00:23:41
|
You could do content filtering of web accesses by doing some fancy packet filtering, but it wouldn't work very well. Packet filtering under 2.4 kernels now support matching based on arbitrary string matches, but it would be kludgy at best (Imagine having to drop all packets having to do with barnyard or fairy tales that have "cock-a-doodle-doo" because of the first 4 characters matching). It would also be awkward to drop packets in the middle of a web connection, the browser would just see a time-out. I would suggest using either an annoying proxy, a plug-in for windows computers, or turning on the ratings stuff in internet explorer. Just remember that any kind of filtering, will only work on a certain percentage of bad sites (hard to interpret picture content), and will falsely block some good sites. But that may be better than no filtering, depending on what your audience and goals are. Sorry I can't be more help. At 09:00 PM 1/16/2002 -0600, you wrote: >I'm kinda new to the whole iptables thing but I'm looking >for a way to do content filtering on www pages on my >firewall using ip masquerade. I don't want an intrusive >proxy server but I would like to filter content and block >sites which have potentially offensive content. This >server will operate at a school. > >Is pfilter something which can help me implement this and >if so how? |
