This howto is for a single computer that is not part of a network. It sets up Dansguardian, an open source web content filter that is free for home and non-commercial use. At no monetary expense and in only a few short minutes you can have excellent content filtering (on Linux) by using the seven step guide below. To get started right now scroll down to the big red words that say ‘let’s go!‘ or read this background information first:
Content Filters can ‘clean up’ web content by excluding a great quantity of unwanted material (see also this post about limitations of content filtering.) Dansguardian’s website states:
DansGuardian is an award winning Open Source web content filter which currently runs on Linux, FreeBSD, OpenBSD, NetBSD, Mac OS X, HP-UX, and Solaris. It filters the actual content of pages based on many methods including phrase matching, PICS filtering and URL filtering. It does not purely filter based on a banned list of sites like lesser totally commercial filters.
DansGuardian is designed to be completely flexible and allows you to tailor the filtering to your exact needs. It can be as draconian or as unobstructive as you want. The default settings are geared towards what a primary school might want but DansGuardian puts you in control of what you want to block.
DansGuardian is a true web content filter. [more at the Dansguardian site here]
This howto assumes the computer in question runs Ubuntu Linux. (If you can find a content filter so good for free on Microsoft Windows I’d be surprised, but please let me know.) This howto has been tested on Edubuntu (Ubuntu) 8.04 only. It is designed, I hope, to be very easy for Linux beginners to follow.
About the software that needs to be installed: Requesting Dansguardian for installation will also install ClamAV Anti-virus software because incoming web content will be checked for viruses by default, (but this feature of Dansguardian could be disabled if wanted.) The FireHOL package will also need to be installed, this makes configuration of the built-in Linux IPTables firewall easier. Tinyproxy will be used as the http proxy (think asking a friend to fetch something from a shop for you instead of going yourself.) Dansguardian will analyse requested pages for banned content and hand them to your friend tinyproxy to give to you (if no banned content is found), otherwise it will show you an ‘access denied’ page.
Please note: All steps of this howto were taken from this Ubuntu Forums howto by their member Tonhou who based it on this original one. I add nothing new. If you need content filtering for a network see Tonhou’s instructions and the surrounding discussion. This howto sets up a fully functioning content filter. It does not deal with fine-tuning the filters or blocking people who know how from setting their own proxy rules within Firefox, thereby bypassing Dansguardian. Again see Tonhou’s howto if your situation may require this. (Tip: blocking firefox users from direct proxy access now looks to need a combination of Tonhou’s instructions and a script called moz-byteshift.pl, mentioned by Ubuntu Forums member Pwest on page 7 of Tonhou’s howto. I haven’t tried it yet, though.)
Let’s go!
When using these instructions writing that looks like this can be copied and pasted into files or the terminal. Yes, you have to use the terminal. No, its not scary.
Step 1: Install software.
- Open Synaptic from the menu tabs (System, Administration, Synaptic Package Manager)
- Click ‘Reload’ to advise your system of new changes. Then click the ‘Mark all Upgrades’ button to upgrade any installed software that needs it. If there is any click ‘Apply’ to install it.
- Once you’re up to date click ‘Search’ in Synaptic and type in ‘dansguardian’
- right click on the entry that appears and choose ‘Mark for Installation’. You will be shown that ‘clamav’ will be installed too.
- Search for ‘firehol’ and mark it for installation. Same for ‘tinyproxy’
- Click ‘Apply’ and exit Synaptic once everything’s installed.
Step 2: Edit the Dansguardian configuration file. This has to be done as an administrator (via the ‘sudo’ command) rather than a regular user as the filter system can’t be changed by regular users.
- Open a terminal from the menu tabs (Applications, Accessories, Terminal.)
- In the terminal write:
sudo gedit /etc/dansguardian/dansguardian.conf
- Press ‘enter’. You will be asked for your user-password.
- The ‘gedit’ text editor window opens. Now prepare Dansguardian for work by ‘commenting out’ the line that says it’s not ready. To do this change the line that reads ‘UNCONFIGURED’ to read:
#UNCONFIGURED
- OPTIONAL: If you don’t want virus scanning change the line ‘virusscan=on’ to read: virusscan=off
- Check that the following three lines look exactly like this (or change them to look like this):
filterport = 8080
proxyip = 127.0.0.1
proxyport = 3128
- Save the file and close the gedit application.
Step 3: After changing the configuration file reconfigure Dansguardian
- In your terminal write (and then press ‘enter’):
sudo dpkg-reconfigure dansguardian
- NOTE: This will return errors about a proxy, but the proxy has not been set up yet, so don´t worry. Ignore them.
Step 4: Edit the ‘FireHOL’ configuration file
- In your terminal write (and then press ‘enter’):
sudo gedit /etc/firehol/firehol.conf
- Add all of the following (duplicated lines already in the file can be overwritten) below the line “# Accept all client traffic on any interface”:
iptables -t filter -I OUTPUT -d 127.0.0.1 -p tcp --dport 3128 -m owner ! --uid-owner dansguardian -j DROP
transparent_squid 8080 "root root"
interface any world
policy drop
protection strong
client all accept
server cups accept
- Note: If you are not copying and pasting text (why not?) please note the long line above starting ‘iptables’ and ending ‘DROP’ is all one line and should not be broken by pressing the ‘enter’ key at any point while writing it until after the word ‘DROP’.
- Save the file and close the gedit application.
Step 5: Edit another ‘FireHOL’ file to allow restarting the firewall
- In your terminal write (and then press ‘enter’):
sudo gedit /etc/default/firehol
- Change the file to read: START_FIREHOL=YES
- Save the file and close the gedit application.
Step 6: Edit the ‘Tinyproxy’ configuration file
- In your terminal write (and then press ‘enter’):
sudo gedit /etc/tinyproxy/tinyproxy.conf
- Change the four lines that begin with the words ´User´, ´Group´, ´Port´ and ´ViaProxyName´ to read as below, if they do not already:
User root
Group root
Port 3128
ViaProxyName "tinyproxy"
- Save the file and close the gedit application.
Step 7: Restart each program
- Using your terminal enter the following three commands, pressing ‘enter’ after each one:
sudo /etc/init.d/tinyproxy restart
sudo /etc/init.d/firehol restart
sudo /etc/init.d/dansguardian restart
You now have content filter protection for your family at no cash expense!
Here’s what a google search for ‘porn’ got me:
me, you and it 