> Set up a linux box as a gateway with 2 network ports and
> use ipchains or iptables to block direct links to
> YouTube, while allowing embedded links.
This is almost exactly what I did.
Linux box with 2 network ports.
One connected to the DSL modem, other connected to the Wireless Access Point (WAP). I actually have two subnets, one that I use for work, and the other for the rest of the family.
Linux box also provides a proxy server for the family subnet and runs Dansguardian. Unless it’s in the Dansguardian “whitelist”, you can’t access it. You can get quite granular, not only with web pages, but with users.
Linux box also provides a mailserver. Every email that comes in or goes out is copied to me.
Of course, all chat, social networking, and external mail servers are blocked by Dansguardian.
Linux box also has Network Attached Storage (NAS) and runs Samba. We have hundreds of movies and thousands of music CDs available. Using smb.conf to create access for various “groups”, I can limit access to the various available media according to age.
Media works best if you’re using Wireless-N (300 Mb), unless, of course, everybody decides to access a movie at the same time.
:)
I presume you don’t give your family audience a Linux account.
Otherwise, they could run a browser remotely on Linux by running an X-server on their Windows boxes.
You can get incredibly granular if you write your own scripts or code to parse the headers, and link it into iptables. Read the source, Luke. It's open because we change it when we want to meet our needs of the moment. ;)
But it's really, really good to worldproof the child. 'Teach him in the way he should go, and he will not depart from it'
/johnny