Dansguardian does an outstanding job of web content filtering to protect from rubbish on the internet. This howto is a synthesis of information taken from: http://www.pilpi.net/journal/item-985.php ** Edit ** 25th November 2009 Please see final pages of this thread (Pages 13-14) for adaptions/updates to this howto for Ubuntu 9.10 (Karmic) and in particular issues with Karmic version of Dansguardian. Also a deb that is available to automate much of this. Setting up Dansguardian using Tinyproxy and Firehol on Ubuntu/Edubuntu 1. Ensure "universe repository" is activated and install packages: sudo apt-get update sudo apt-get install dansguardian tinyproxy firehol Note: will probably need to reinstall dansguardian to overcome clamav config errors. 2. Edit: sudo gedit /etc/dansguardian/dansguardian.conf a) Add comment (#) to: #UNCONFIGURED b) Turn off virus checking (if not wanted): virusscan=off c) Check that the following are set: filterport = 8080 proxyip = 127.0.0.1 proxyport = 3128 d) Save & exit. e) Run: sudo dpkg-reconfigure dansguardian 3. Edit: sudo gedit /etc/firehol/firehol.conf Add all of the following at the start of the document: iptables -t filter -I OUTPUT -d 127.0.0.1 -p tcp --dport 3128 -m owner ! --uid-owner dansguardian -j DROP transparent_squid 8080 "root root" interface any world policy drop protection strong client all accept server cups accept #server webcache accept Note: will need to remove "interface any world . . ." further on in the document. Note: uncomment "server webcache accept" if this dansguardian system is going to filter others on a network BUT do not then connect directly to the internet as this is opening it wide open for anyone to access! 4. Edit: sudo gedit /etc/default/firehol START_FIREHOL=YES This is to allow restarting of the firewall. 5. Edit sudo gedit /etc/tinyproxy/tinyproxy.conf Change/add the following lines (by scrolling through the document): User root Group root Port 3128 ViaProxyName "tinyproxy" 6. Restart each program: sudo /etc/init.d/tinyproxy restart sudo /etc/init.d/firehol restart sudo /etc/init.d/dansguardian restart 7. Dansguardian should now be operational blocking objectional sites using any browser! ** EDITED INFORMATION ** I have edited this to include the use of these instructions for not only a single desktop but also for other systems (including Windows boxes) to point to such a configured box on a network and be filtered. This requires the addition of the last line in firehol.conf as above "server webcache accept". The other systems must have their proxy settings set in the browser to point to the ip address of the dansguardian system and port 8080. In Firefox: Edit -> Preferences -> General -> Connection Settings -> Manual proxy configuration Check manual proxy configuration and add “your DG box ip address” in first box and “8080” in second Then tick “Use this proxy server for all protocols” These settings can be locked, instructions are available below to do this: Modify the file sudo gedit /usr/lib/firefox/firefox.cfg (sudo gedit /usr/share/doc/firefox-3.5/firefox.cfg) - for Firefox 3.5 by adding the following: lockPref("network.proxy.http", "127.0.0.1"); lockPref("network.proxy.http_port", 8080); lockPref("network.proxy.type", 1); lockPref("network.proxy.no_proxies_on", "localhost, 127.0.0.1"); PLEASE NOTE: The dansguardian system that is doing the filtering on your network using this configuration CANNOT be connected directly to the internet - very important!!
Last edited by tonhou; November 24th, 2009 at 11:28 PM. Reason: Change in Dansguardian
wow!! thanks for that howto!! i've been looking everywhere for that kinda thing!! you don't even need to configure the browser with the proxy or anything?
just one problem when i follow this guide my browser can't connect but things like gaim and my email programme can connect??? anyone able to help m,e?
I am having the same problem, it seems to block everything
Sorry that it is not working for you guys! I'm afraid I don't really know what the issues are. It has worked for me on around 6 systems that I have set up. I have also done other enhancements - added lines to dansguardian configuration to block undesirable image searches and also locked firefox browser settings to stop use of secure proxy sites. Could you check that each of the three programs are running. In a terminal: ps auxf Also you may like to look at this post where there is a similar approach with some different configuration: http://ubuntuforums.org/showpost.php...7&postcount=21 --Tony
I am sorry, it is actually working VERY well and now I just have to tinker with the filters. Thenk you for the HowTo, I have been looking for someting like this for months!
Glad that it is working! Here are some changes that I have made to filters etc. for searching images and also for stopping access to secure proxy sites. 1. Modify the file /etc/dansguardian/bannedregexpurllist by uncommenting (remove #) so that it looks as it is below: #Block unfiltered options on various search engines (^|[\?+=&/])(.*\.google\..*/.*\?.*safe=off)([\?+=&/]|$) (^|[\?+=&/])(.*\.alltheweb.com/customize\?.*copt_offensive=off)([\?+=&/]|$) #Block images on altavista, alltheweb, yahoo etc - as they are anonomised (yahoo.com\/image\/) (yimg.com\/image\/) (altavista.com\/image\/) (altavista.com\/video\/) AND/OR modify the file /etc/dansguardian/bannedphraselist by adding the following: #----- # Google < safesearch is off >,< about google >,< Advanced Image Search> # Yahoo < safesearch is off >, < images > # Dogpile, Excite, Webcrawler < likely to contain adult content >,< results with adult content > # AlltheWeb <offensive content filter is off>,<results with offensive content> #----- These stop adult/offensive images if safe search is turned off for an image search engine. 2. Change firefox preferences to stop use of secure proxy sites to gain access to blocked sites: For Firefox: Modify the file sudo gedit /usr/lib/firefox/firefox.cfg by adding the following: lockPref("network.proxy.http", "127.0.0.1"); lockPref("network.proxy.http_port", 8080); lockPref("network.proxy.type", 1); lockPref("network.proxy.no_proxies_on", "localhost, 127.0.0.1"); This will lock the proxy settings in firefox preferences if it is considered necessary to block access to secure proxy sites such as : https://proxify.com (these provide an unfiltered gateway out!) Please note that the firefox.cfg file is overwritten each time there is a firefox update!! --Tony
Last edited by tonhou; September 23rd, 2006 at 03:27 AM.
Another simple to setup filtering option if you use Firefox is to use the extension blockxxx. Unfortunately it has not been available for Firefox 1.5 but here is an updated version: http://cvs.linex.org/blockxxx-0.4.1-fx.xpi To install go to File -> Open File (and point to where blockxxx is downloaded to). It seems to do a reasonable job with the default lists, but needs extra blocking URL's to stop/tighten search engine changing of preferences. I have also imported a larger list of blockable words. --Tony
I recommend the script that automatically installs dansguardian (with firehol & tinyproxy - as above) along with a smart graphical front end to change filters that has been put together by Jereme found here: http://www.ubuntuforums.org/showthread.php?t=237355 --Tony
Originally Posted by tonhou I recommend the script that automatically installs dansguardian (with firehol & tinyproxy - as above) along with a smart graphical front end to change filters that has been put together by Jereme found here: http://www.ubuntuforums.org/showthread.php?t=237355 --Tony Can you get just the gui frond end? I've followed the above howto and have dansguardian working properly, but a gui tool for configuration would be nice.
Ubuntu Forums Code of Conduct