Setting up Transparent Content Filter on Gateway with Privoxy

From Alpine Linux
Revision as of 02:52, 21 September 2017 by John3-16 (talk | contribs) (Categorized: Software, Proxy Server, Security)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

These instructions set up a transparent web content filter on the gateway, using privoxy. By default Privoxy contains a crude parental-controls filter that can filter many pornographic sites. Its not perfect, but nothing is.

This is significantly lighter weight than squid+dansguardian or squid+squark; and may be suitable for a small home network.

Install Privoxy

  • Install privoxy

apk add privoxy

  • Edit the /etc/privoxy/config file, and edit the listen-address:
listen-address  :8080 

# We will be doing intercepting proxying
accept-intercepted-requests 1 
  • Edit /etc/privoxy/default.filter. The default "sex" rule matches lots of javascript, like "trendsexplorer".
    Search for "parental", and change the line regarding "sex" to:
<h3>Blocked by Privoxy's crude-parental filter due to possible adult content.</h3></body></html>%is

This is going to loosen the rules a bit, but should still block most stuff.

  • Edit /etc/privoxy/user.action file, and add the following to the end
# Content filter everything
# Anything here gets whitelisted
  • If you do not want to advertise you are using privoxy, edit /etc/privoxy/default.filter, search for the parental-crude filter, and change the text as you like.
  • Start privoxy


  • add privoxy to the startup scripts

rc-update add privoxy

  • To test, set your browser to use as the proxy, and enter "" - you should go to the privoxy page.
  • Unset your browser's proxy settings.

Set up Transparent Proxy Redirection

  • Add awall

apk add awall

  • Create /etc/awall/optional/home-firewall.json - Change the interfaces in the zones as appropriate:
"description":  "Home Firewall",

"zone": {
        "inet" : { "iface" : "eth1" },
        "loc"  : { "iface" : "eth0" }

"policy": [
        { "in": "_fw", "action": "accept" },
        { "in": "loc", "out": "inet", "action": "accept" },
        { "in": "loc", "out": "_fw", "action": "accept" }

"snat": [
        { "out": "inet" }

"dnat": [
        { "in": "loc", "service": "http", "to-port": 8080 }
  • Enable the firewall

awall enable home-firewall

  • Activate it

awall activate