
Simple safe browsing environment for intranets

Intro


Do you want to prevent someone from browsing porn or other bad content? You can do this simply with OpenDNS. If you run your own BIND DNS server for your intranet, you can also have more fine-grained control over which devices have restricted access and which do not. This is based on the IP address of the device, so it can be easily circumvented, but for some environments this is hard enough.

OpenDNS


OpenDNS offers access to DNS servers that redirect unwanted sites to a blocking page. To configure the level of filtering, you have to create an account here:

https://www.opendns.com/home-internet-security/

Dynamic IPs


Most people get dynamic IPs, so OpenDNS has to be informed who is querying. On Linux you can use ddclient. It is described here:

https://support.opendns.com/entries/23554765-Linux-IP-Updater-for-Dynamic-Networks

Filter for some, but not all internal IPs


This works well if you run a BIND DNS server inside your network. You can use BIND's "view" feature. An example config:

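# Clients in this range get filtered DNS answers
acl restricted_hosts { 192.168.178.128/25; };

view "restricted" {
        match-clients { restricted_hosts; };
        # Without this the default is "forward first": if the forwarders do
        # not answer, BIND resolves the name itself and the filter is skipped.
        forward only;
        forwarders {
            208.67.222.222; # OpenDNS Servers
            208.67.220.220;
        };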

        zone "localhost" in {
                type master;
                file "localhost.zone";
        };

        zone "0.0.127.in-addr.arpa" in {
                type master;
                file "127.0.0.zone";
        };
        # ... more zones ...
};


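# Views are tried in the order they appear; every client that did not match
# "restricted" ends up here and is resolved normally via the root hints.
view "unrestricted" {
        match-clients { !restricted_hosts; any; };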

        zone "." in {
                type hint;
                file "root.hint";
        };

        zone "localhost" in {
                type master;
                file "localhost.zone";
        };

        zone "0.0.127.in-addr.arpa" in {
                type master;
                file "127.0.0.zone";
        };
        # ... more zones ...
};


This would restrict all IPs from 192.168.178.129-255, while lower IPs would be able to access the internet unrestricted.
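
The view selection described above, as an added example that is not part of the original page: a small Python model of how BIND picks a view (views are tried in file order, and inside match-clients the first matching element decides), for checking which client addresses actually land in the filtered view. The ACL and view names are taken from the config above; the sample client addresses, including the IPv6 one, are constructed, and the model covers only the constructs this config uses.

```python
import ipaddress

# Model of the page's config (not parsed from named.conf): one ACL and the
# two views in file order, each with its match-clients list.
ACLS = {"restricted_hosts": ["192.168.178.128/25"]}
VIEWS = [
    ("restricted", ["restricted_hosts"]),
    ("unrestricted", ["!restricted_hosts", "any"]),
]


def matches(addr, elements):
    """First element that matches decides; a leading '!' turns it into a reject."""
    for element in elements:
        negated = element.startswith("!")
        name = element.lstrip("!")
        if name == "any":
            hit = True
        elif name in ACLS:
            hit = matches(addr, ACLS[name])
        else:
            net = ipaddress.ip_network(name)
            hit = addr.version == net.version and addr in net
        if hit:
            return not negated
    return False


def view_for(client):
    """Return the name of the first view whose match-clients accepts client."""
    addr = ipaddress.ip_address(client)
    for name, match_clients in VIEWS:
        if matches(addr, match_clients):
            return name
    return None  # no view accepted the client


if __name__ == "__main__":
    # Constructed sample clients; fd00::1234 stands for a device that reaches
    # the DNS server over IPv6, which the IPv4-only ACL does not cover.
    for client in ("192.168.178.20", "192.168.178.127", "192.168.178.129",
                   "192.168.178.200", "fd00::1234"):
        print(f"{client:18} -> {view_for(client)}")
```

If the DNS server also listens on IPv6, the restricted ACL needs the matching IPv6 prefix as well, otherwise those clients are served from the unrestricted view.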


Thanks to Joseph for pointing me to a broken link. He has a toolbox of 120 tools and tricks for the concerned parent to keep their child safe online: http://backgroundchecks.org/the-concerned-parents-toolbox-120-tools-and-tricks-to-protect-your-kids.html

Created by redflo. Last modified: Tuesday July 25, 2017 16:53:10 GMT-0000 by redflo.