From: "Michael French" <mfrench@ashevillemail.com>
To: linux-admin@vger.kernel.org
Subject: Re: iptables mangling rule
Date: Sun, 1 Jun 2003 03:03:31 -0700 [thread overview]
Message-ID: <000b01c32825$0ecb95b0$0300a8c0@savvis.ad.savvis.net> (raw)
In-Reply-To: 16089.31596.53200.837683@cerise.nosuchdomain.co.uk
Glen's right, it's almost impossible to filter out all of the
"undesirable" content. Another issue to consider is the legal issue. By
attempting to filter content, the school is accepting the responsibility of
censoring and in doing so, can be held liable for what content does get
through. Also, orginazations such as the ACLU have fought several of these
cases in court against libraries for doing the same thing, stating that the
libraries are going against the first amendment with such censorship. You
might be setting up the school for legal action from the other side too.
The best thing for a school to do is to have a strict usage policy that
is clearly posted and to have the computers in publicly viewable location.
I am not a lawyer, but just wanted to insert my $0.02. Googling the subject
might help, here is one link:
http://lrs.ed.uiuc.edu/wp/censorship/filtering/individual.htm
Michael French
----- Original Message -----
From: "Glynn Clements" <glynn.clements@virgin.net>
To: <davidgn@servidor.unam.mx>
Cc: <linux-admin@vger.kernel.org>
Sent: Saturday, May 31, 2003 9:05 PM
Subject: Re: iptables mangling rule
>
> David Eduardo Gomez Noguera wrote:
>
> > In a school, they want to set up a firewall that should filter pornsites
> > and the like.
> > Anyone can give me a hand there?
> >
> > The solution I thought about was setting up a proxy, and using the proxy
> > to filter some sites.
> > However, I couldt think how to use iptables to force every connection to
> > with destination port 80 to go to the proxy.
>
> You can run an HTTP server on any port, not just port 80. Servers
> whose content is particularly likely to be blocked often run on ports
> other than 80.
>
> If you want filtering to be effective, you have to block all direct
> connections, so that everything has to go through an application-layer
> proxy.
>
> Even then, content-based filtering is notoriously unreliable. Not only
> will a substantial proportion of "undesirable" sites still be
> accessible, you will also end up blocking a significant number of
> legitimate sites.
>
> --
> Glynn Clements <glynn.clements@virgin.net>
> -
> To unsubscribe from this list: send the line "unsubscribe linux-admin" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
>
prev parent reply other threads:[~2003-06-01 10:03 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-05-31 21:53 iptables mangling rule David Eduardo Gomez Noguera
2003-05-31 22:11 ` Joakim Ryden
2003-06-01 4:05 ` Glynn Clements
2003-06-01 10:03 ` Michael French [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='000b01c32825$0ecb95b0$0300a8c0@savvis.ad.savvis.net' \
--to=mfrench@ashevillemail.com \
--cc=linux-admin@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).