Install Parental Controls
From Knowledge76
Dansguardian does an outstanding job of web content filtering to protect from rubbish on the internet. This howto is a synthesis of information taken from: http://www.pilpi.net/journal/item-985.php
Setting up Dansguardian using Tinyproxy and Firehol on Ubuntu/Edubuntu
1. Ensure "universe repository" is activated and install packages: sudo apt-get update sudo apt-get install dansguardian tinyproxy firehol
Note: will probably need to reinstall dansguardian to overcome clamav config errors.
2. Edit: sudo gedit /etc/dansguardian/dansguardian.conf
a) Add comment (#) to:
- UNCONFIGURED
b) Turn off virus checking (if not wanted): virusscan=off
c) Check that the following are set: filterport = 8080 proxyip = 127.0.0.1 proxyport = 3128
d) Save & exit.
e) Run: sudo dpkg-reconfigure dansguardian
3. Edit: sudo gedit /etc/firehol/firehol.conf
Add all of the following at the start of the document:
iptables -t filter -I OUTPUT -d 127.0.0.1 -p tcp --dport 3128 -m owner ! --uid-owner dansguardian -j DROP
transparent_squid 8080 "root root"
interface any world policy drop protection strong client all accept server cups accept
- server webcache accept
Note: will need to remove "interface any world . . ." further on in the document. Note: uncomment "server webcache accept" if this dansguardian system is going to filter others on a network BUT do not then connect directly to the internet as this is opening it wide open for anyone to access!
4. Edit: sudo gedit /etc/default/firehol
START_FIREHOL=YES
This is to allow restarting of the firewall.
5. Edit sudo gedit /etc/tinyproxy/tinyproxy.conf
Change/add the following lines (by scrolling through the document): User root Group root Port 3128 ViaProxyName "tinyproxy"
6. Restart each program:
sudo /etc/init.d/tinyproxy restart sudo /etc/init.d/firehol restart sudo /etc/init.d/dansguardian restart
7. Dansguardian should now be operational blocking objectional sites using any browser!
- EDITED INFORMATION ** I have edited this to include the use of these instructions for not only a single desktop but also for other systems (including Windows boxes) to point to such a configured box on a network and be filtered. This requires the addition of the last line in firehol.conf as above "server webcache accept".
The other systems must have their proxy settings set in the browser to point to the ip address of the dansguardian system and port 8080.
In Firefox: Edit -> Preferences -> General -> Connection Settings -> Manual proxy configuration
Check manual proxy configuration and add “your DG box ip address” in first box and “8080” in second Then tick “Use this proxy server for all protocols”
These settings can be locked, instructions are available below to do this:
Modify the file sudo gedit /usr/lib/firefox/firefox.cfg
by adding the following:
lockPref("network.proxy.http", "127.0.0.1"); lockPref("network.proxy.http_port", 8080); lockPref("network.proxy.type", 1); lockPref("network.proxy.no_proxies_on", "localhost, 127.0.0.1");
PLEASE NOTE: The dansguardian system that is doing the filtering on your network using this configuration CANNOT be connected directly to the internet - very important!!
