Suggested Feature: Blocked Pages Notification

[Eric]

Ah, should have responded to this sooner --sorry.

The main reason I haven't done anything is because OpenDNS is ALREADY an option with Gargoyle. As of 1.0.3 (quite a long while back) you can configure Gargoyle to use OpenDNS.

What I was thinking of when I first made that post was actually creating an iptables module to control DNS requests, which no one else has done. However, you can achieve results that are as good if not better, by just signing up and using OpenDNS, so playing with that option has a fairly low priority.

uncle john -- one more thing, just to be clear. Gargoyle already has "shaping", it's called QoS (Quality of Service). It just isn't linked to the quotas right now. That's what I'm still working on.

[uncle john]

Thanks for your comments. Sorry about the provocative mention of Netgear. The problem with the Netgear/OpenDNS approach is that you need to pay $9.95 a year to OpenDNS to get whitelist capability (OpenDNS Deluxe).
Earlier on in this topic I described how you can implement a whitelist by supplimenting OpenDNS Basic with Gargoyle Access Restrictions. The problem with this is the lack of notification.

...
What I was thinking of when I first made that post was actually creating an iptables module to control DNS requests, which no one else has done.
....

CoovaChilli includes a "walled garden" feature that processes DNS requests. I haven't looked at the code to see if they use iptables. No point really. I don't have the programming skills to do anything with it.
But given the level of interest in this topic you might like to take a peek.

PS. I'm coming around to the idea that if I can get access restrictions sorted "shaping" and quotas etc will be much less relevant.

[Mad Dawg]

If you use Open Dns for your DNS servers you can do this and more from its account settings

[uncle john]

You cannot. See also here.
Another problem with the centralized OpenDNS filtering approach is that it won't work for Mobile network connections where public IP addresses are not assigned.

[Mad Dawg]

Uncle John
I have a free account with them and you certainly can block custom addresses (with a few exteptions of course)

What we do is the Gateway/core Internet router device is set use open DNS servers
That way whatever is set to be blocked in your account profile is also blocked for anything connected behind your router (ie the entire lan network) provided that all clients are set to use the gateway router as there DNS server (which it normally is)

works slick it even lets you upload your own loago to display with the blocked page message
and their DNS servers resolve faster than even our providers dns does
its all free so give it a try

[uncle john]

OpenDNS Deluxe is also called "Family Pack" and it provides "White-list Only mode".
Sorry, I should have included the word "Only" in my earlier comments. That would have made things a little clearer.

[uncle john]

I've been having at look at Netgear's "Live Parental Controls". These controls have some advantages and disadvantages when compared to what can be achieved using Gargoyle.
One basic advantage of Gargoyle is that you can configure firewall restrictions for what I'll call "lights out" mode (ie. can't access anything). I doubt whether Netgear/OpenDNS will ever include this as they are financed by advertising.
Netgear's user utility is an interesting idea. It provides for user specific time periods where a user can "by-pass" default filter settings to access sites which are otherwise blocked. The drawback is that this utility needs to be installed on the client device being used. Gargoyle's planned captive portal will available to all client devices without the need for installing extra software. (On the other hand perhaps a similar utility could be provided for Gargoyle).
OpenDNS plan to introduce user specific features later this year. Although you will need to pay an annual subscription for this service (ie. OpenDNS Deluxe) at least you won't need extra software on client devices etc.
There is one area where Gargoyle will always retain an advantage: Web Usage Monitoring. Although OpenDNS has a similar service the data are not anywhere near real time and are usually delayed by at least a day.

[uncle john]

Time to revisit my reason for starting this topic:

I notice that when you try to access a restricted URL you are simply presented with a blank page. It would be useful to let the user know why they are not gaining access.

This statement implies that blocking could be user specific.
In my last posting I mentioned Netgear's Live Parental Controls and some reasons I'd still prefer to stay with Gargoyle.
One reason I didn't include is that Netgear's User Utility is only available for MS Windows. In other words you can't use their service for Mac OS X or Mobile Phones (cell phones) etc.
In another post I suggest a way in which Gargoyle might be developed to so as to "recognise" specific users. What I think is attractive about the method I suggest is that unlike the Netgear approach it would not require the installation of additional software on client devices. I'd welcome comments on the method I've suggested at the topic:"Getting Around the Quota"..

[uncle john]

...
It may be possible to redo the way I'm filtering websites by re-writing DNS rules, though this means you can only match domain and not the path (though 99% of the time we just care about the domain anyway...).
...
Let's just say it's on my to-do list (which is quickly approaching the length of my arm...)
...

Hi Eric,
If the number of views was the measure of the desirability of a feature this would be the most desirable by far.
I first suggested this feature almost a year ago. Is it getting near the top of your list yet?

[Eric]

Well... no, not really. It's still not a high priority.

Would I like to implement it? Yes. However, I don't have unlimited time, so I need to pick and choose what the priority is.

I'm a little skeptical that this is actually the number one desired feature, just because the thread has the most views. For one thing, this thread also has the most replies. There's a chicken-and-egg phenomenon where everyone thinks "hey, what is everyone else interested in?", so they have a look at the longer threads with more views like this one before others. Then other people come along and see lots of views and posts so they do the same thing, and it becomes self-reinforcing.

Just from talking to people on the Forum and via email I have come to he conclusion that integrating quotas with QoS is the #1 desired feature followed closely by #2, support for more wireless chips (especially wireless N chips). I'm actually a little embarrassed I haven't gotten around to integrating quotas and QoS yet, since I've been saying this is a priority for what seems like forever now.

Right now my priority list looks something like this:
1) Bugfixes for current features, as they are reported (and I still have a couple reports I need to follow up on)
2) Quotas+QoS
3) Support for more wireless chips (e.g. ath9k)
4) Captive portal
5) Other stuff

Bugfixes always take priority over everything, but the other stuff is listed in order of most desired to least desired features.

I could be wrong though... if people really do desperately want this feature, please speak up in this thread, below. If I get 10 replies in rapid succession saying "yes! implement this, this is what we want!", I could definitely be persuaded to implement this notification feature sooner rather than later.