First, let me see if I understand the problem correctly:

1) There are quite a few communities which want to be able to access the 
internet in a controlled fashion.

2) The local community leadership decides what the community should be able 
to access.

3) The desired white-list is community specific (although probably quite 
similar from community to community)

4) There is some form of inter-community cooperation that would make a 
'global' solution appropriate.

5) Each community will have its own physical connection to the internet, 
probably through many different ISPs.

--------------------------------

If those are the parameters, then this is the solution I see:

1) The connection to the local ISP is made through hardware only accessible 
to the community leadership.

2) A simple router be inserted between the community and the ISP connection.

3) Disable any 'default' routes on the router and establish explicit routes 
to the 'whitelist' sites only.

4) Use remote administration from a central location to manage the routers.

5) Have a standard 'white-list' default of routes that is sent to all the 
routers.

6) Allow each community to establish a private 'white-list' extension and 
'blick-list' override using a web tool to the central location.

7) This central location could also maintain SMTP and POP3 servers to manage 
email for all the communities. This would allow virus detection/removal and 
spam control to be done centrally.

Bob  Ammerman
RAm Systems






-- 
http://www.piclist.com PIC/SX FAQ & list archive
View/change your membership options at
http://mailman.mit.edu/mailman/listinfo/piclist