Home Internet Filtering for Linux Users WAS Re: Network Control

Richard Esplin richard-lists at esplins.org
Thu Jan 7 18:10:13 MST 2010

Though I agree with Grant and Wade in principle, it is important to realize that every person is different. Some people struggle more with unfiltered Internet than others. Giving parents (and individuals) good tools to train their children (and remind themselves), is important in reaching the goal of responsible Internet use. As we grow in maturity and self control, technical solutions can become more of a hindrance than an asset.

As I have pondered how to teach my family, I think that transparency and open dialog are often more important than filtering. I really like the solution someone once told me (was it this mailing list?): the person configured Dansguardian to block concerning pages, but the block could be circumvented with a single click. Each click-through would be logged to a web page accessible by everyone in the family. The family log would show all web, email, and IM traffic. He then made sure that only Mom had the root password; his family knew that he was playing by the same rules they were under.

When I was helping a charter school setup a filter, I realized that most solutions only handle the unencrypted web (port 80). You need a separate strategy for SSL, email, IM, filesharing, etc. For example, my home firewall allows almost all outbound connections. If I found that someone was really intent on using my network to get into trouble, I would restrict that more.

Here are some tools I have found useful:

This is a commercial Internet filter that supports Linux. I haven't used it, but it looks user friendly enough that I have referred others to their service. It is also nice to see commercial providers supporting desktop Linux users.

I have DansGuardian + Squid + IPTables configured on an old laptop turned router that is only accessible with a ladder. A good solution for the tech-savvy.

This free DNS filter is better than I expected. It does a good job at preventing accidents. However, it is a pain when they incorrectly categorize something.

They sell a router installed with an Internet filter. I haven't used this product, but I think it is a good solution for non-technical people. The router seems a little underpowered and the subscription is a little high, but it's an option.

FoxFilter implements a simple whitelist in Firefox. I used this when I first give my kids their own Linux logon. It bought me a couple of years before I needed a more flexible solution.

ISP Level Filtering
Most ISPs offer a filtering solution. Digis will provide it for free. I haven't used it. I expect that ISP filtering would be challenging for even a motivated adolescent to subvert, as they have to pretext as you when talking to the ISP.

This Christian organization takes an innovative approach to personal integrity on the Internet. Instead of focusing on filtering, they focus on logging activity and then they flag items which get sent to an "accountability partner". The point is to encourage honest dialog and long term self control. I love their philosophy and I am disappointed that they don't have Linux support. I have referred Windows users to their service.

This is the filter used by the Utah Education Network for most of the schools in the state. It's an enterprise solution, and I wouldn't recommend it to home users. But it is a good benchmark of top-of-the-line Internet filtering. They handle things like flagging or blocking obscene email/instant messages, SSL filtering, blocking downloads of known pornographic files, monitoring unusual ports, and forcing safe search mode when using search engines. Forced safe search is really useful.

Good luck,


On Thu 7 January 2010 12:40:29 Wade Preston Shearer <wadeshearer.lists at me.com> wrote:
> On Thursday, January 07, 2010, at 11:29AM, "Grant Shipley" <gshipley at gmail.com> wrote:
> >Call me old fashion but .... what about just trusting them to follow the
> >rules?  If they break the rules, just take the computer away for a period of
> >time?
> >
> >Please don't take that as me trying to give you advice on how to be a
> >Father, cause it's not intended as thatl.  I just think because we are
> >*linux geeks*, that when we want to impose some restrictions on people, the
> >first thing we think of is --- there has to a open source solution for this.
> I completely agree. I also have similar thoughts on filtering. While I don't think you should have the internet wide open for youth, I also believe that you will hinder them by protecting them from everything. If they have not built up the strength to avoid bad things and manage their activities on their own then they will be doomed the second they use any other computer outside your home (which will be often).

More information about the PLUG mailing list