[Nottingham] Child safe Ubuntu

Mike Cardwell nlug at lists.grepular.com
Fri May 24 13:53:49 UTC 2013 

* on the Fri, May 24, 2013 at 12:26:51PM +0100, Jason Irwin wrote:

>> Is there any good software to make it safe for children to use the
>> internet on Ubuntu?

> OpenDNS provide a kind-of net-nanny service.  There's various tiers and
> you make use of it by updating your DNS settings on your
> clients/routers.  Dead easy to do and protects the network in a oner.
> Make sure your kids' accounts are restricted so they can't fiddle the
> local DNS settings!

If you have a linux based router, you could do the following:

1.) Set up a local caching resolver.

2.) Configure your local caching resolver to forward requests to OpenDNS
    for particular IPs in your LAN, or excluding particular IPs on your
    LAN.

3.) Intercept all outgoing udp/tcp port 53 packets that didn't originate
    from your local resolver and redirect them to your local resolver
    (using iptables).

That way you can force everything through your own DNS system, and set up
two separate tiers of DNS. One censored, one uncensored.

> I think Linux Format issue 166 had an article on all this.  You are
> welcome to my copy if I still have it lying around.
> 
> TO be honest though, the best option is probably restricted time on the
> PC and supervision whilst using the PC.  It's simply too easy for a
> smart kid to figure out how to by-pass all the restrictions.  Although
> you could take the view that when they are old enough to figure out how
> to do that, they're probably old enough to not be phased by what they see.

The simplest solution is to probably just tell the kids that the network is
monitored and that you'll be alerted to any accesses of dodgy websites, and
that if they "accidentally" get forwarded to one, they'd better come and
tell you otherwise you'll assume it wasn't an accident.

Technical solutions are more fun though.

You could also set up a transparent web proxy using Squid, and then add a
blacklist like this: http://www.squidblacklist.org/ - That way you also
get the benefit of a local web cache which may speed up browsing in some
circumstances.

-- 
Mike Cardwell  https://grepular.com/     http://cardwellit.com/
OpenPGP Key    35BC AF1D 3AA2 1F84 3DC3  B0CF 70A5 F512 0018 461F
XMPP OTR Key   8924 B06A 7917 AAF3 DBB1  BF1B 295C 3C78 3EF1 46B4
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 598 bytes
Desc: Digital signature
URL: <http://mailman.lug.org.uk/pipermail/nottingham/attachments/20130524/ed025135/attachment.pgp>

More information about the Nottingham mailing list