Question about blocking all sites except a few (whitelist)
Posted: Sat Sep 05, 2009 10:11 am
Well guys, my uncle called me weeks ago and asked me if I could do something to restrict the Internet access for his staff (about 15 people) in his law firm. The thing is, they do not finish their work on time because some of them access sites like youtube.com and a few other sites during their working hours.
Even after confronting them and giving them one last chance, they abused their privilege, so he wanted this to stop. I bought a low-cost computer (Pentium 4 machine), added another NIC to it (1 on-board, 1 PCI) and installed Fedora 11 on it. I configured Squid as well as iptables. Squid has been configured to block all sites except the sites that we wanted them to access (about 8 or 9 sites, which are related to banks). This worked fairly well, except that the machine would sometimes crash or reboot, thus halting the access of these staff for a while. The RAM and HDD space are sufficient, and the cache settings for Squid are not too high, in that they don't exceed the RAM or even the HDD.
I recently purchased a router for my house, a WRT54GL, since my all-in-one (router+modem+switch) Asus wireless router would drop the WAN connection randomly every 24 ~ 48 hours while torrenting. Then I read about the WRT54GL and thought it'll be a great solution to this. Then I flashed it with Tomato firmware and it worked great. Tomato Victek's mod, to be exact.
While searching for other firmwares, I stumbled upon this site. From the screenshots, Gargoyle firmware looks quite steady, and judging from the forum, I should think that it is as good as Tomato. Now I was thinking, should I replace the computer in my uncle's office that is serving as a web proxy to block out sites? My uncle has recently queried around and someone recommended that he get a firewall router, which costs about RM990 (USD$282).
Then I came to think that perhaps if Gargoyle had this feature where it could block out all sites except the bank sites (whitelist), it would be a much cheaper solution. (Coincidentally, I found Gargoyle's forum again while doing a search in Google for how to block all sites and allow only whitelisted sites on the WRT54GL.)
For the Tomato firmware, I could block out sites from the Access Restriction menu. However, I would have to insert all sites manually, and that isn't possible. People have recommended using OpenDNS's blocking service, but I found that some sites are still allowed to be accessed, and we don't want that, although you could add those sites to OpenDNS's blacklist.
Basically, what I am asking is: could I block all sites (blacklist) except a few, around 8 or 9 sites (whitelist), using Gargoyle's firmware for the WRT54GL?