Web filtering with Ubuntu, and Dans Guardian

OK, I have kiddies at home, kiddies that need not be exposed to some of the stuff on the net. Really it’s just too easy for them to wander off into the bushes and see stuff that a 7, 10 and 13 year old just doesn’t need to see.

Thus after much deliberation and investigation it was decided that Dansguardian was the way to go.

I initially installed the server version of feisty on an old laptop to give this a go.  It worked out OK, but the old laptop just didn’t have enough to keep things running smoothly for more than an hour. The lack of a GUI also made things a little more difficult when looking at the logs and stuff. (I was trapped in a 640×480 console environment and it just sucked).

So today I started over, again using the standard version of Ubuntu ‘Feisty edition’. If you’re using the server edition you can use this tutorial, which given its age has some pitfalls. Most notably you need to edit the firehol script to replace all instances of ‘%q’ with ‘%b’.

sudo gedit /lib/firehol/firehol (replace gedit with your editor of choice) and replace all %q strings with %b.
This is documented in that thread somewhere toward page 7 I think.

After fumbling through that again, I figured there had to be a better way, and there is.

I opted for the Dansguardian/Web Content Filtering Only installer from the ‘Christian Edition’.

You still need to install ‘squid’: sudo apt-get install squid

But after that it’s fairly painless. It also includes a pretty handy gui for tweaking the Dansguardian files.

The base network is set up like so:


Items of note:

  • Not all computers are filtered, but any of them can be by manually configuring the browser to use the proxy.
  • Computers I WANT to be filtered are forced to do so by the following:
    • They have DHCP reservations for both their ethernet address and through the wireless to get an IP that I want them to have.
    • DHCP also gives them bad DNS info.
    • They can access printers and what not on the local network.
    • Any traffic that tries to get outside from these addresses is dropped by an Access list in the router.
    • To surf, their browsers must be configured to use the proxy .99 on my network, else they go nowhere.
  • Yes, this isn’t perfect
    • The easy end around on this is to change your IP, and hard-code it to a valid IP.
    • But my kids can’t do that (yet) and they aren’t admins on the machines that are forced to the proxy anyway.
  • I’m sure there may be other ways around it that I haven’t thought of, but for now this is working well.
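
The gap noted above (a forced machine hard-coding a different IP) can at least be detected. The following is an added example, not part of the original post: it scans a neighbor table in the format printed by ‘ip neigh show’ for filtered MAC addresses seen on an IP other than their DHCP reservation. The subnet, MAC addresses and sample output are constructed for illustration.

```python
import ipaddress
import re

# Constructed policy: MACs that must be filtered, with their reserved IPs
# (the ethernet and wireless reservations are separate entries).
RESERVED = {
    "00:16:3e:aa:00:01": "192.168.1.50",  # hypothetical kid laptop, wired
    "00:16:3e:aa:00:02": "192.168.1.51",  # same laptop, wireless
    "00:16:3e:bb:00:01": "192.168.1.52",  # hypothetical kid desktop
}
LAN = ipaddress.ip_network("192.168.1.0/24")  # assumed subnet

# Constructed sample in the format printed by `ip neigh show`.
SAMPLE_NEIGH = """\
192.168.1.50 dev eth0 lladdr 00:16:3e:aa:00:01 REACHABLE
192.168.1.77 dev eth0 lladdr 00:16:3E:BB:00:01 STALE
192.168.1.10 dev eth0 lladdr 00:16:3e:cc:00:09 REACHABLE
192.168.1.60 dev eth0  FAILED
"""

LINE = re.compile(r"^(\S+) dev \S+ lladdr ([0-9A-Fa-f:]{17}) (\S+)$")


def find_strays(neigh_text, reserved=RESERVED, lan=LAN):
    """Return (mac, seen_ip, reserved_ip) for filtered MACs off their reservation."""
    strays = []
    for line in neigh_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # FAILED/INCOMPLETE entries carry no MAC address
        ip, mac = m.group(1), m.group(2).lower()
        if mac not in reserved:
            continue  # not a machine that is forced through the proxy
        if ipaddress.ip_address(ip) not in lan:
            continue  # ignore IPv6 and off-subnet neighbors
        if ip != reserved[mac]:
            strays.append((mac, ip, reserved[mac]))
    return strays


if __name__ == "__main__":
    for mac, seen, want in find_strays(SAMPLE_NEIGH):
        print(f"ALERT {mac} is using {seen}, reserved address is {want}")
```

Run from cron on the proxy box, feeding it the live output of ‘ip neigh show’ instead of the sample, this flags a forced machine as soon as it shows up on an address the router’s access list does not cover.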

2 Replies to “Web filtering with Ubuntu, and Dans Guardian”

  1. Hi,

    Don’t replace %q with %b in firehol. It will break under certain circumstances.
    Upgrade to at v1.256. This version is BASH 3.2 and kernel 2.6.20+ compatible.

    Although a bit philosophical, I would suggest to put dansguardian in monitor mode rather than filtering mode. This means that your kids will have the freedom to view whatever they like, but you will be alerted by dansguardian when they access something they should not. Once you have been alerted you will have the chance to discuss with your kids, find out what they think about it, or give them reasons for dropping such content.

    I believe this is better than just forbidding things…



  2. While I *agree* with monitor mode for older kids…

    It’s just not going to happen for the younger ones… It’s far too simple for them to ‘stumble on’ stuff they aren’t looking for.

    To me that’s the same as walking them into an adult bookstore and asking them to not look around or notice anything.

    There are plenty of discussions you don’t need to have with 6 to 10 year olds, simply because they wandered somewhere they shouldn’t have.

