Setting up a Family Firewall

Under Construction

Eventually I will put complete instructions and a full set of configuration files in here. Please bear with me. Feel free to send me e-mail about successes, failures, or suggestions.

Introduction

This document describes how to set up a family "firewall" that will let you keep your children out of any part of the Internet, and in particular of the World Wide Web, that you don't want them to access.

What You Need

Linux
is a free Unix clone that runs on 386 or better PCs, with at least 4Mb of main memory. It comes with all the software you need to access the Internet. You can get it on a CD-ROM for about $30. Alternatively, you can use any other version of Unix.
CERN's World-Wide Web server (httpd)
which can act as a proxy.

Setting Up a Proxy Server

Hardware

The proxy server doesn't have to run on the same machine you usually interact with. In fact, if you have a "shell account" at some internet service provider, you can run it on their machine.

If you have an old 386 or 486 machine sitting around the house, you can run Linux on that and use it as a gateway, news server, mail server, and file server as well as a firewall. You could even run Windows or MacOS on your main machine.

Configuring CERN httpd

Of course, nobody uses the CERN daemon anymore; these instructions really need to be updated for Apache. When I wrote this, CERN was the only common server that had proxy support.

For Apache, one would of course use the ProxyBlock directive:

  ProxyBlock joes-garage.com some-host.co.uk rocky.wotsamattau.edu
  
For every site, directory, or file you want to block access to, you need to add a "Fail" command to the server's configuration file "httpd.conf". These have to go in front of the first "Pass" line.

  Fail *//bad.site.com/* #all access to site
  Fail *//some.site.com/bad/* #subdirectory
  Fail *//some.site.com/bad* #file prefix
  Fail *//some.site.com/bad.html #file
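A check for the ordering rule above, as an added example that is not part of the original page: one function reports "Fail" rules that sit after the first "Pass" line, the other inserts new rules in front of it. The function names, the sample "Port" and "Pass" lines, and the case-insensitive matching of directive names are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the original page. Directive names are compared
# case-insensitively, which is an assumption about the server's parser.

# List Fail rules that appear after the first Pass line.
# Exit status 0: order is correct. 1: at least one Fail rule is misplaced.
misplaced_fail_rules() {
    awk '
        { d = tolower($1) }
        d == "pass" { seen_pass = 1 }
        d == "fail" && seen_pass { print NR ": " $0; bad = 1 }
        END { exit bad + 0 }
    ' "$1"
}

# Print config $1 with the rules from file $2 inserted just before the
# first Pass line (or appended when the config has no Pass line).
insert_fail_rules() {
    awk -v rules="$2" '
        function emit(   line) {
            while ((getline line < rules) > 0) print line
            close(rules); done = 1
        }
        tolower($1) == "pass" && !done { emit() }
        { print }
        END { if (!done) emit() }
    ' "$1"
}

# Constructed sample: a proxy config where one Fail rule was appended at
# the end, after the Pass lines, which the text says is the wrong place.
demo=$(mktemp -d)
cat > "$demo/httpd.conf" <<'EOF'
Port 8080
Pass http:*
Pass ftp:*
Fail *//bad.site.com/*
EOF
printf '%s\n' 'Fail *//some.site.com/bad/*' > "$demo/rules"

misplaced_fail_rules "$demo/httpd.conf" || echo "Fail rule after Pass"
# Drop the misplaced rule, then re-insert it together with the new one.
grep -iv '^fail' "$demo/httpd.conf" > "$demo/base.conf"
printf '%s\n' 'Fail *//bad.site.com/*' >> "$demo/rules"
insert_fail_rules "$demo/base.conf" "$demo/rules" > "$demo/fixed.conf"
misplaced_fail_rules "$demo/fixed.conf" && cat "$demo/fixed.conf"
rm -rf "$demo"
```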

Using a Proxy Server

Now add the following lines to the ".profile" file in the home directory of any user whose access you want to restrict:

  http_proxy="http://proxy/"; export http_proxy
  ftp_proxy="http://proxy/"; export ftp_proxy
  gopher_proxy="http://proxy/"; export gopher_proxy
  wais_proxy="http://proxy/"; export wais_proxy

(This assumes that "proxy" is the name of the machine you want to use as a proxy. If you don't have a network, you can just use "localhost".)

That's it!


<URL: http://theStarport.org/people/steve/Doc/family-firewall.html>
$Id: family-firewall.html,v 1.5 1999/07/10 05:38:09 steve Exp $

<steve@theStarport.org>