Robert Ammerman wrote:

> First, let me see if I understand the problem correctly:
> 
> 1) There are quite a few communities which want to be able to access the 
> internet in a controlled fashion.
> 
> 2) The local community leadership decides what the community should be able 
> to access.
> 
> 3) The desired white-list is community specific (although probably quite 
> similar from community to community)
> 
> 4) There is some form of inter-community cooperation that would make a 
> 'global' solution appropriate.
> 
> 5) Each community will have its own physical connection to the internet, 
> probably through many different ISPs.
> 
> --------------------------------
> 
> If those are the parameters, then this is the solution I see:
> 
> 1) The connection to the local ISP is made through hardware only accessible 
> to the community leadership.
> 
> 2) A simple router be inserted between the community and the ISP connection.

Possibly use routers with built-in address filtering. For example, my old
SMC Barricade has a setting that allows blocking of 30 URLs. You may find
one with more elaborate settings in this area.

> 3) Disable any 'default' routes on the router and establish explicit routes 
> to the 'whitelist' sites only.

Which then would be permitted URLs instead of routes. One disadvantage of
explicit routes to whitelist sites is that AFAIK these don't follow
automatically IP changes of the whitelist URLs.

> 4) Use remote administration from a central location to manage the routers.

Most of the hardware routers allow remote administration through http.

Gerhard

-- 
http://www.piclist.com PIC/SX FAQ & list archive
View/change your membership options at
http://mailman.mit.edu/mailman/listinfo/piclist