I'm setting up a linux server (DHCP/GW) and i want to secure my kids pc from bad content of the internet.

can i install on my server a program to block acces on the internet. from time until time.

is there even a way to block a pc (windows) to boot unless te linux server say's ok you may boot...

Best regards LOH

You may be able to handle this with a cron under root. Something that turns off the DHCP at one time then turns it back on another.

If you figure this one out, let me know ... not sure you could tie something into the bios of the client machine to check against a server.

For the 2nd qn you could try a BIOS passwd. This is assuming they don't know how to bypass it.

You could simply purchase a router that will accept the dd-wrt firmware. that router firmware will allow you to specify Access Restrictions for PC's.. I have the Linksys WRT54GL and this firmware works great. you could also easily enable disable access for a machine with the web interface of the router.


Restrict Logon times in Linux using PAM
Restrict Login times using Active Directory

I don't think either of those willl help in your situation. You could connfigure a Samba Domain controller and apply user account policies, but I don't believe XP home or Vista Home Basic can join a domain so that might not help either. http://www.samba.org/samba/docs/man/...TO-Collection/

Best of luck, please let us know how you solve this issue.

I'm thinking of using slackware dus anyone have experiens with slackware. for DHCP/GW.

Frank

You could turn off DHCP by default or controlled by a cron job, so that the contents of /etc/hosts take control over name resolving. This means that only hostnames included in that file will be resolved.

Or you can keep DHCP running, but set it so that the /etc/hosts file read first (actually a common default anyway) and you can make the prohibited sites point to localhost, so that those sites will never be displayed, but your local webserver is called with it's default index page.

All this will not help, if the kids know the IP number of the site, because then they will bypass all name resolving instances completely. You could still play around with IP masquerading to modify harmful incoming TCP-packets by redirecting them to some non-existent IP on your local network, but that's quite overkill and needs a lot of tweaking.

If your Windows PC's are configured to be launched via network from a central server (mostly a business solution) then you have some control over booting. But I think that creating accounts with limited permissions (unable to install applications) should be enough for kids.

I actually think that it might be better to talk straight with the kids and give them some trust. Check the browser history to see where they are surfing and talk with if you see something offending. Otherwise this whole thing becomes a prison measure.

Debian

Why don't you look at using squid as a proxy for the PCs to access the internet, and then you can either use access policies in squid, or set up dansguardian to filter sites.

There's probably a simpler proxy than squid you can use as well.