I am using Mandriva 10.1 and have installed shorewall version 2.0.8. I have blocked all access to the internet but want to allow users access to just a few websites. I was wondering how i could do this and is shorewall the best option?

Thanks for any help.

Forgot to add my shorewall files just in case its any help.
Thanks



SHOREWALL.CONF
LOGFILE=/var/log/messages
LOGFORMAT="Shorewall:%s:%s:"
LOGRATE=
LOGBURST=
BLACKLIST_LOGLEVEL=
LOGNEWNOTSYN=info
MACLIST_LOG_LEVEL=info
TCP_FLAGS_LOG_LEVEL=info
RFC1918_LOG_LEVEL=info
SMURF_LOG_LEVEL=info
BOGON_LOG_LEVEL=info
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
SHOREWALL_SHELL=/bin/sh
SUBSYSLOCK=/var/lock/subsys/shorewall
STATEDIR=/var/lib/shorewall
MODULESDIR=
CONFIG_PATH=/etc/shorewall:/usr/share/shorewall
RESTOREFILE=
FW=fw
IP_FORWARDING=On
ADD_IP_ALIASES=Yes
ADD_SNAT_ALIASES=No
TC_ENABLED=No
CLEAR_TC=Yes
MARK_IN_FORWARD_CHAIN=No
CLAMPMSS=No
ROUTE_FILTER=No
DETECT_DNAT_IPADDRS=No
MUTEX_TIMEOUT=60
NEWNOTSYN=Yes
ADMINISABSENTMINDED=Yes
BLACKLISTNEWONLY=Yes
MODULE_SUFFIX=
DISABLE_IPV6=Yes
BRIDGING=No
DYNAMIC_ZONES=No
PKTTYPE=Yes
BLACKLIST_DISPOSITION=DROP
MACLIST_DISPOSITION=REJECT
TCP_FLAGS_DISPOSITION=DROP
#LAST LINE -- DO NOT REMOVE

INTERFACES
no interfaces

ZONES
net Net Internet
loc Local Local networks
dmz DMZ Demilitarized zone

POLICY
loc net ACCEPT
net all DROP info
all all REJECT info

RULES
ACCEPT net loc:216.239.39.99 tcp http[/b]

Have you considered using web proxy software? In my small network, all direct internet access is denied by the router - everything has to go via the privacy-enhanced proxy running on a server. The URLs get logged, URLs are restricted and the HTML is filtered to remove most of the normal dross/abuses such as pop-ups, cookie tracking, advertising, etc.

With the client proxy configuration set up properly, all local content is accessed directly while all internet access is via the proxy.

See http://www.privoxy.org/