CentOS - Oct 2005 - pointers for using CentOS box as filter for children

greetings

has anyone here setup a CentOS box to use as a home or business gateway for
children through young adults or otherwise?

i realize this is a generalized question and that iptables and many other
things exist that could be implemented.

im looking for a way to give the youngster the benefit of the doubt and
allow them to "obey God/parents" first before they have to be totally
restricted after having been disobedient.

specifically we could do it two ways.

one is, that which is not expressly permitted is denied... and i would
prefer not to have to do it that way. it is too easy and may not allow for
the child to choose to be obedient to God/parents.

the other seems like it might be better, that which is not expressly denied
is permitted... YET

i want to make sure of only a few things if possible...

how can i keep the youngster from using an IM program and how to make sure
they are not transferring files larger that say 100k, ie no large music
files etc? only small pics or homework things etc.

can one hit a moving IM program protocol port target that recognizes the
packets and shut it down?

also, what packages out there are people using that have time based
restrictions, like until 11pm or other configs?

thanks

 - rh

--
Robert Hanson - Abba Communications
Computer & Internet Services 
www.abbacomm.net

On 10/11/05, Robert <roberth at abbacomm.net>
wrote:
> greetings
>
> has anyone here setup a CentOS box to use as a home or business gateway for
> children through young adults or otherwise?
>
> i realize this is a generalized question and that iptables and many other
> things exist that could be implemented.
>
> im looking for a way to give the youngster the benefit of the doubt and
> allow them to "obey God/parents" first before they have to be
totally
> restricted after having been disobedient.
>
> specifically we could do it two ways.
>
> one is, that which is not expressly permitted is denied... and i would
> prefer not to have to do it that way. it is too easy and may not allow for
> the child to choose to be obedient to God/parents.
>
> the other seems like it might be better, that which is not expressly denied
> is permitted... YET
>
> i want to make sure of only a few things if possible...
>
> how can i keep the youngster from using an IM program and how to make sure
> they are not transferring files larger that say 100k, ie no large music
> files etc? only small pics or homework things etc.
>
> can one hit a moving IM program protocol port target that recognizes the
> packets and shut it down?
>
> also, what packages out there are people using that have time based
> restrictions, like until 11pm or other configs?
>
Basic Setup
Assign IPs or a subnet to the young ones.
Setup a web proxy (Squid?).
Setup perimeter to block young IPs and limit protocols for proxy.
Cron jobs to block proxy and unblock proxy at the selected times.

Consider Dans Guardian (http://dansguardian.org/)

--
Leonard Isham, CISSP
Ostendo non ostento.

--- Robert <roberth at abbacomm.net> wrote:
> greetings
> 
> has anyone here setup a CentOS box to use as a home
> or business gateway for
> children through young adults or otherwise?
> 
> i realize this is a generalized question and that
> iptables and many other
> things exist that could be implemented.
> 
> im looking for a way to give the youngster the
> benefit of the doubt and
> allow them to "obey God/parents" first before they
> have to be totally
> restricted after having been disobedient.
> 
> specifically we could do it two ways.
> 
> one is, that which is not expressly permitted is
> denied... and i would
> prefer not to have to do it that way. it is too easy
> and may not allow for
> the child to choose to be obedient to God/parents.
> 
> the other seems like it might be better, that which
> is not expressly denied
> is permitted... YET
> 
> i want to make sure of only a few things if
> possible...
> 
> how can i keep the youngster from using an IM
> program and how to make sure
> they are not transferring files larger that say
> 100k, ie no large music
> files etc? only small pics or homework things etc.
> 
> can one hit a moving IM program protocol port target
> that recognizes the
> packets and shut it down?
> 
> also, what packages out there are people using that
> have time based
> restrictions, like until 11pm or other configs?
> 
> thanks
> 
>  - rh
> 
> --
> Robert Hanson - Abba Communications
> Computer & Internet Services 
> www.abbacomm.net
>  
> 
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
> 
Rob,

I thought IM uses a specific port and you would be
able to block that port. I know certain ones like mirc
uses port 6667 if i am remembering correctly. Anyone
can correct me if i am totally wrong. 

Steven
 

"On the side of the software box, in the 'System Requirements'
section, it said 'Requires Windows or better'. So I installed
Linux."

On Tue, 2005-10-11 at 13:04, Robert wrote:
> greetings
> 
> has anyone here setup a CentOS box to use as a home or business gateway for
> children through young adults or otherwise?
> can one hit a moving IM program protocol port target that recognizes the
> packets and shut it down?
> 
> also, what packages out there are people using that have time based
> restrictions, like until 11pm or other configs?
You need to look at using a proxy server setup.  Basic setup you would
have a firewall which would only accept connections from the proxy
server.  The proxy server can then be configured to allow only certain
protocols and/or access to specific sites.  Clients would be configured
to use the proxy.  Without the proxy being setup that client would only
have access to the local LAN.  Check out squid to use for the proxy. 
You can use just about any firewall as long as it allows you to restrict
access to all but the proxy server.  

You can use cron to enable/disable access at specific times.

An embedded and charset-unspecified text was scrubbed...
Name: not available
URL:
<http://lists.centos.org/pipermail/centos/attachments/20051011/6a1d4dd3/attachment-0002.ksh>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: SpamAssassinReport.txt
URL:
<http://lists.centos.org/pipermail/centos/attachments/20051011/6a1d4dd3/attachment-0002.txt>