Hi,
I've reviewed the info provided by Paul at the LUG Meeting and have come up against some problems. His main suggestion was Squid Guard, which is actually a 'Net Nanny' type solution and relies on an underlying installation of squid3. This is actually a proxy caching server, rather than a firewall. There are several pages on the Internet that give fairly detailed instructions on how to set up Squid Guard, but by following those, we'd end up with a system that allows access to everything except pages that contain Adult content. Not quite what we want!
That's the problem: most firewall / net filtering solutions expect that the clients will be granted access to most things, with restrictions on just a few sites (e.g. a business might stop its employees accessing Facebook or Twitter during working hours perhaps). What we want is diametrically opposite to that. We want our clients to be granted access to nothing except those few sites that Android uses to establish that it is not in a walled garden, e.g.:
clients3.google.com
clients.l.google.com
connectivitycheck.android.com
connectivitycheck.gstatic.com
play.googleapis.com
I'm sure that any firewall can be set up to do that, but my limited skill-set in that area is failing me at the moment; for example, the squid.conf file is very nearly 8000 lines long. On the other hand Squid Guard appears to be a bit simpler and seems to have places where I could list the allowed and barred clients and also the allowed and barred destinations. So if I can wade through squid.conf, I might be able to do something with it.
More work is clearly needed. In the meantime, I've produced a diagram of the physical architecture:
[Attachment: Webserver_Filter.gif]
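
The default-deny arrangement the post asks for can be written as a short squid.conf that replaces the stock file. This is an added example, not part of the original post; the client subnet 192.168.10.0/24, the ACL names and port 3128 are assumptions, and it assumes the clients are pointed at the proxy explicitly.

```conf
# Added example: minimal allowlist-only squid.conf.
# Assumption: clients sit on 192.168.10.0/24; change to the real subnet.
acl walled_clients src 192.168.10.0/24

# The connectivity-check hosts listed in the post. No leading dot, so
# only these exact hostnames match, not every subdomain of google.com.
acl android_check dstdomain clients3.google.com
acl android_check dstdomain clients.l.google.com
acl android_check dstdomain connectivitycheck.android.com
acl android_check dstdomain connectivitycheck.gstatic.com
acl android_check dstdomain play.googleapis.com

# Ports the proxy will talk to at all, and the only port allowed
# for HTTPS tunnels (CONNECT requests).
acl Safe_ports port 80 443
acl SSL_ports port 443
acl CONNECT method CONNECT

# Rules are evaluated top to bottom and the first match wins.
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
# Both ACLs on one line are ANDed: known client AND allowlisted host.
http_access allow walled_clients android_check
# Everything else, from anyone, is refused.
http_access deny all

# Assumption: proxy listens on the conventional Squid port.
http_port 3128
```

Running `squid -k parse` checks the file for syntax errors before the service is restarted.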