Setting up Transparent Content Filter on Gateway with Privoxy

From Alpine Linux
Revision as of 02:52, 21 September 2017 by John3-16 (talk | contribs) (Categorized: Software, Proxy Server, Security)

These instructions set up a transparent web content filter on the gateway, using privoxy. By default Privoxy contains a crude parental-controls filter that can filter many pornographic sites. Its not perfect, but nothing is.

This is significantly lighter weight than squid+dansguardian or squid+squark; and may be suitable for a small home network.


Install Privoxy

  • Install privoxy

apk add privoxy

  • Edit the /etc/privoxy/config file, and edit the listen-address:
listen-address  :8080 

# We will be doing intercepting proxying
accept-intercepted-requests 1 
  • Edit /etc/privoxy/default.filter. The default "sex" rule matches lots of javascript, like "trendsexplorer".
    Search for "parental", and change the line regarding "sex" to:
s%^.*(?<!middle)(?<!sus)(?<!es)sexy.*$%<html><head><title>Blocked</title></head><body>\
<h3>Blocked by Privoxy's crude-parental filter due to possible adult content.</h3></body></html>%is

This is going to loosen the rules a bit, but should still block most stuff.

  • Edit /etc/privoxy/user.action file, and add the following to the end
# Content filter everything
{+filter{crude-parental}}                      
/.*
                                                                             
# Anything here gets whitelisted
{-filter{crude-parental}}                                                    
wiki.alpinelinux.org
  • If you do not want to advertise you are using privoxy, edit /etc/privoxy/default.filter, search for the parental-crude filter, and change the text as you like.
  • Start privoxy

/etc/init.d/privoxy

  • add privoxy to the startup scripts

rc-update add privoxy

  • To test, set your browser to use 192.168.1.1:8080 as the proxy, and enter "http://config.privoxy.org" - you should go to the privoxy page.
  • Unset your browser's proxy settings.

Set up Transparent Proxy Redirection

  • Add awall

apk add awall

  • Create /etc/awall/optional/home-firewall.json - Change the interfaces in the zones as appropriate:
{
"description":  "Home Firewall",

"zone": {
        "inet" : { "iface" : "eth1" },
        "loc"  : { "iface" : "eth0" }
        },

"policy": [
        { "in": "_fw", "action": "accept" },
        { "in": "loc", "out": "inet", "action": "accept" },
        { "in": "loc", "out": "_fw", "action": "accept" }
        ],

"snat": [
        { "out": "inet" }
        ],

"dnat": [
        { "in": "loc", "service": "http", "to-port": 8080 }
        ]
}
  • Enable the firewall

awall enable home-firewall

  • Activate it

awall activate