Forbidding or not access to webpages of network users

Kevin Kinsey kdk at
Wed Apr 11 12:43:08 UTC 2007

DSA - JCR wrote:
> Hi all in this list
> I want to know if there is a way to forbid to network users the access to
> fixed webpages.


> The example, I work in an enterprise in which several users are accesing
> to webpages others than the enterprise's own.
> I want that the users can only access to the the webpages and services of
> the enterprise, but also that 2 PC can access everywhere (the boss ones).
> Can I make it with FreeBSD? How? I have read the Firewall handbook pages,
> but i don't know exactly if i can do it with PF, IPF or IPFW (or something
> else). (examples?)
A common solution is to install a proxy server (such as Squid [/usr/ports/www/squid])
and set the firewall to not allow traffic from any machines out to the WWW except
the proxy server.

Squid can utilize "Access Control Lists"; here's a statement from my "squid.conf":

        acl banned_sites url_regex -i "/etc/banned/porn"
        http_access deny banned_sites

        acl banned_sites2 url_regex -i "/etc/banned/games"
        http_access deny banned_sites2

You can also have an "allow only" list and deny all other requests.

> My users are W2K.
> On the otherhand, I think this is a common problem, isn't it? ;D

For many people, yes.

Kevin Kinsey
Rules for Academic Deans:
	(1)  HIDE!!!!
	(2)  If they find you, LIE!!!!
		-- Father Damian C. Fandal

More information about the freebsd-questions mailing list