Dan's Guardian and Fedora
Matthew Miller
mattdm at mattdm.org
Mon Feb 14 19:03:08 UTC 2005
On Mon, Feb 14, 2005 at 01:14:11PM -0500, Matt Morgan wrote:
> For one thing, the whole setup seems to assume that Squid and DG are
> running on a proxy server that sits in between the browsing machine
> and the internet. I hoped I could set it all up on the desktop,
> without having a separate machine between the desktop and the
> internet. Does anyone know if that's possible?
I believe that you could use the 'owner' module of iptables (see the man
page). (Probably the safest thing to do is block *everything* but allow
traffic out from squid proxy command only (using owner --cmd-owner
/usr/sbin/squid).
Note that I've never tried this, let alone done it. :)
The gateway machine setup is certainly more failsafe.
> For another: DG didn't seem to offer automatic updated banned-site and
> banned-content lists. In fact, I couldn't figure out much about that,
> at all. There are no banned sites at all listed in the config that
> results from the yum install (as far as I can tell).
You can probably find some at <http://peacefire.org/>. :)
--
Matthew Miller mattdm at mattdm.org <http://www.mattdm.org/>
--> Fedora Users & Developers Conference, hosted by Boston University <--
February 18th, 2005 <http://fedoraproject.org/fudcon/>
More information about the fedora-list
mailing list