Forums | MacLife

You have a nice little conundrum presented.

However, you have three problem areas and one is not compatible with one of your requirements.

1. To filter all of your network, simultaneously, you need a dedicated server to interface between your ISP and your home based computers.

2. You can dedicate a box and run a linux server, though I'm not aware of what filtering software is available. You need some real adminstrator/linux skills for this. Or you could run Xserver (the Mac server OS). Both are cheaper than any Windows option.

3. The ability for adults to bypass the filtering requires a serious software solution that allows by account/login selection of filtering. This is neither easy to implement for a novice, nor is it simple to maintain. It could be expensive, but I can't say for certain.

KesslerB wrote:

My young kids are growing up in a very wired household: 4 Macs, 2 Windows, and 1 Linux box are up and running most of the time. My oldest one is now at the age where he wants to be able to do things on the Internet, and I want to let him go and explore. I’m planning on being a guiding hand with him, but even so, some “interesting” things can appear. So I’m interested in content-filtering proxies. Anybody have a suggestion on where to begin? I think my requirements aren’t that out of the ordinary, if they are a bit specific:

* It has to protect my whole network: all of our Macs, a couple of PCs, a Wii, and a PS3. (That's why parental controls won't help.)
* I’m willing to dedicate a computer running Mac OS X, Windows XP or 7, or Linux for this. (In fact, I prefer a dedicated box that I can physically secure as the kids get older and more savvy....)
* I’d like it to be relatively easy to install, configure, and maintain.
* The content filtering should be not only category-based, but also take into account whitelists and blacklists, etc.
* I’d like to augment outside lists with my own custom lists of domains/IPs/etc. to allow or deny.
* Adjustable levels of filtering, preferably on a per-user or per-computer basis. (I'd prefer a per-user model, as I don't want to filter the adults who float from machine to machine.)
* A Web-based interface would be nice, but I can go all texty if necessary.
* Free (or low-cost) would be nice.
* I’m hoping that my wife can also administer it when necessary, but that’s not an absolute requirement. (She's tech-savvy, but not a gearhead like me.)

Help please! (Or have I just hit on a good topic for a series of articles and how-tos in the print edition?)
--
Brett

An easy (and free) solution is to edit the hosts file of each computer and bind "bad" sites to 127.0.0.1. Its pretty easy to modify and if you make normal user accounts for the kids they wont be able to change them.

Here are the instructions for windows and os x

You find a large list of bad sites here

Last edited by Steyr AUG (2009-10-08 12:16 pm)

Thanks for all of the replies so far....

sturner: Yep, I agree that the dedicated server is the way I want to go; I certainly have enough surplus hardware around here to drop a Linux proxy in place. I'm not sure if the third point you make is that much of a roadblock. The way I think about it is that all I'd have to do is somehow authenticate to the proxy server which would then say "yep, for the next X minutes, don't filter that IP address." Plus, as an IT professional with 20+ years in the field, I think I'm past the "novice" stage... But the content filtering world is still a new thing to me.

mrreet2001: I hadn't thought of that one. I'm not concerned about that at the moment, though, so if I lose online gaming capabilities on the Wii and PS3, I'm OK with that. If I have to tackle that a few years down the road, I'll worry about it then.

Steyr AUG: That's an awful lot of manual labor to update all of those machines as new sites pop up. And it doesn't protect the Wii or the PS3. I could go the DNS route to ease the management burden (either running one in-house or through something like Open DNS), but that limits the adults in my home to kid-friendly sites. And it still doesn't prevent access to bad things by IP address.

I'm still questing around for a starting point....