Dansguardian Internet Content Filtering
DansGuardian is an award-winning Open Source web content filter which currently runs on Linux, FreeBSD, OpenBSD, NetBSD, Mac OS X, HP-UX, and Solaris. It filters the actual content of pages based on many methods including phrase matching, PICS filtering and URL filtering. It does not purely filter based on a banned list of sites like lesser totally commercial filters.
DansGuardian is designed to be completely flexible and allows you to tailor the filtering to your exact needs. It can be as draconian or as unobstructive as you want. The default settings are geared towards what a primary school might want but DansGuardian puts you in control of what you want to block.
sudo apt-get install clamav-freshclam iptables dansguardian squid
Download blacklists from a site such as http://urlblacklist.com/?sec=download
tar -xzf bigblacklist.tar.gz
sudo mv blacklists /etc/dansguardian/blacklists
sudo chown -R root:root /etc/dansguardian/blacklists
You will likely want to customize some filtering options. In particular, you may want to comment (#) or uncomment options in these files:
Edit /etc/squid/squid.conf: Make these options appear as shown.
...
http_port 3128 transparent
...
always_direct allow all
...
sudo squid start
Edit /etc/dansguardian/dansguardian.conf: Make these options appear as shown.
...
#UNCONFIGURED - Please remove this line after configuration
...
filterip = 127.0.0.1
...
daemonuser = 'proxy'
...
daemongroup = 'proxy'
...
accessdeniedaddress = 'http://localhost/cgi-bin/dansguardian.pl'
...
Change the Dansguardian log folder to the correct ownership and start Dansguardian:
sudo chown -R proxy:proxy /var/log/dansguardian
sudo /etc/init.d/dansguardian start
Now configure iptables to redirect internet traffic through the filter system:
sudo iptables -t nat -A OUTPUT -p tcp --dport 80 -m owner --uid-owner proxy -j ACCEPT
sudo iptables -t nat -A OUTPUT -p tcp --dport 3128 -m owner --uid-owner proxy -j ACCEPT
sudo iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-ports 8080
sudo iptables -t nat -A OUTPUT -p tcp --dport 3128 -j REDIRECT --to-ports 8080
sudo iptables-save > iptables
sudo mv iptables /etc/dansguardian/iptables
Create a script in /etc/rc2.d, such as S60iptables:
#!/bin/sh
/sbin/iptables-restore < /etc/dansguardian/iptables
Make sure the script is executable:
sudo chmod 750 /etc/rc2.d/S60iptables
As an alternative to the above script, you can simply install the iptables-persistent package.
Finally, to allow Ubuntu updates to pass through the filter, add the following to the end of /etc/dansguardian/lists/exceptionextensionlist:
# Archives & packages
.bz2
.gz
.tbz2
.tar
.deb
.gpg
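A check for the rule set saved in the iptables step, added here as an example and not part of the original guide: it reads iptables-save output and confirms that, for ports 80 and 3128, the proxy-user ACCEPT rule comes before the REDIRECT to the filter, since the reverse order sends the proxy's own requests back into DansGuardian. The function names and sample rules are constructed for illustration, and uid 13 is an assumed stand-in for the proxy user.

```shell
check_filter_rules() {
    awk '
        /^\*/ { table = $1 }    # section header such as "*nat"
        table == "*nat" && $1 == "-A" && $2 == "OUTPUT" {
            port = ""; target = ""; owner = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "--dport")     port = $(i + 1)
                if ($i == "-j")          target = $(i + 1)
                if ($i == "--uid-owner") owner = 1
            }
            if (port != "80" && port != "3128") next
            if (target == "ACCEPT" && owner) exempt[port] = 1
            if (target == "REDIRECT" && !owner) {
                # First match wins: a REDIRECT ahead of the exemption also catches the proxy user.
                if (!exempt[port]) { print "port " port ": REDIRECT precedes proxy exemption"; bad = 1 }
                redirected[port] = 1
            }
        }
        END {
            n = split("80 3128", want, " ")
            for (k = 1; k <= n; k++)
                if (!redirected[want[k]]) { print "port " want[k] ": not redirected"; bad = 1 }
            exit bad + 0
        }
    '
}
# Constructed sample in iptables-save format; uid 13 stands in for the proxy user.
good_rules() {
    cat <<'EOF'
*nat
-A OUTPUT -p tcp -m tcp --dport 80 -m owner --uid-owner 13 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 3128 -m owner --uid-owner 13 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
-A OUTPUT -p tcp -m tcp --dport 3128 -j REDIRECT --to-ports 8080
COMMIT
EOF
}
# Constructed failure case: port 80 REDIRECT comes first, port 3128 REDIRECT is missing.
bad_rules() {
    cat <<'EOF'
*nat
-A OUTPUT -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
-A OUTPUT -p tcp -m tcp --dport 80 -m owner --uid-owner 13 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 3128 -m owner --uid-owner 13 -j ACCEPT
COMMIT
EOF
}

good_rules | check_filter_rules && echo "sample rules: ordering OK"
```

On a configured system, run it against the saved file: check_filter_rules < /etc/dansguardian/iptables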