Internet Filtering – IPCop and Open DNS
We use a combination of IPCop and OpenDNS for internet filtering at DCHS and some of the other schools we support. Both are free solutions and the combination of both products provides for a quality filter.
IPCop installs on most standard low end PCs, you just need to make sure that you have 2 network cards. After the basic install and setup the configuration is all web based, so it requires very little Linux knowledge to get up and running. There is plenty of documentation online for the initial setup and configuration of IPCop. IPCop by itself is a basic firewall but does not filter your internet access. By adding plugins you can turn IPCop into a great tool for filtering internet access. The add-ons URL Filter and Advanced Proxy allow you to setup filtering. URL Filter can download blacklists from Shalla Secure Services which I have found to be up-to-date, and they are also free. Make sure that after you select Shalla Secure Services you click Update Now to get the current list of categories. It will take a few minutes to download. After a successful download you will see Block Categories section at the top of the URL Filter window populate with several new categories. The Advanced Proxy add-on allows for the logging of usernames and sites visited based on Active Directory and a few other directory services.
The documentation for all of these tools is good and you should be able to find everything needed with Google searches. One issue that I have run into twice now is that your private network (LAN) and your public network (WAN) can not be connected to the same switch or IPCop will fail over a period of time. This is not a good idea anyway but you can often get away with it. The solution is to create a VLAN for your WAN if you have a managed switch or to purchase a low end 5-8 port switch for your internet connection.
Open DNS does not need much explanation. We use it as a secondary filter to IPCop. All of our name resolution (DNS) is handled by Open DNS which allows you to setup filters based on the IP address you are coming from. The basic service is free and recently they have added several paid options that I have not tried. I would consider moving all of our filtering to Open DNS if they where able to log user names and alerts. For now they have not added this option so we will continue with IPCop as our primary filter and Open DNS as the secondary.
If it is only Internet filtering that you want, then you should check out SafeSquid. It is very comprehensive, and allows you to use a number of other free applications, like URL Blacklist from Shallalist, Clam Anti Virus at the gateway level, Sarg and other log analyzers to generate detailed usage reports, etc.
Additionally, it allows you to enforce SafeSearch on search engines, and YouTube Safety Mode at the gateway. These features are very useful for home-users as well as schools and colleges.
It lets you authenticate users for ADS / LDAP, supports NTLM & LSA authentication. You can also create local users / groups with its web gui. All these options allow you to log usernames instead of IP, and generate user-based usage reports.
You can create granular access polices based on users / groups, so you can have different access polices for teachers, students, staff, etc.
Earlier, they had a full-featured 20 user free edition, which was lately reduced to 3 users. Still, it should be enough for home-users.
Thanks for the information about SafeSquid. I will have to check them out. My goal is to not have to pay for content filtering and it looks like SafeSquid would charge for a school. IPCop with URL Filter add-on also allows for safe search.
Yes, the free edition is limited to 3 users. Though SafeSquid has a low cost perpetual license, IMHO it depends on the value that it has to offer. These Howtoforge Tutorials should give you some idea of how it can be used.
[...] students about our Internet filtering here at DCHS and how they can filter the Internet at home. I blogged about our filtering solution at DCHS here. I believe that all parents should take great care at home to limit access to the [...]