Content filtering through pf?


Content filtering through pf?

alan01346
I'm wondering if it's possible to do content filtering in a firewall.
Maybe with something that cooperates with pf.  I'm on a very limited
(5 GB/month) metered internet connection through a cell phone and I'm
not the only user when I have it shared over wifi.  I'd like to block
video because it's an incredible waste.  Problematic clients are
Android/Kindle.  User competence in not clicking where they shouldn't
is sometimes an issue.

I can see this happening if there's a file size available during
transfers, if the size is under a certain threshold value it just
passes without interference, over a certain size the first few bytes
of the file get checked.  If it fails the check that exact URL to the
file would get blacklisted for maybe 24 hours.  I've noticed watching
random transfers with wget that in some cases it knows the file size
from somewhere and sometimes not.  Presumably there's no size
available on streaming video so just block it.

There seems to be an abundance of video in advertising in apps but
also in news apps there's a mix of video and text stories.  Most of
the world assumes bandwidth is free and fast.  Some videos are bigger
than entire operating systems, and most are fairly pointless.  If the
transfer is happening over an ssl connection maybe not much can be
done since from the firewall's perspective it's just encrypted data,
essentially inside a tunnel.


Re: Content filtering through pf?

sven falempin
Not a pf job

Best to Greasemonkey your js to drop <video> or stuff like
http://www.opera.com/blogs/news/2015/11/how-operas-video-compression-technology-works/

Last resort: relayd + mime type filtering.

On Thu, Feb 23, 2017 at 10:27 AM, Alan Corey <[hidden email]> wrote:

> I'm wondering if it's possible to do content filtering in a firewall.
> Maybe with something that cooperates with pf.  I'm on a very limited
> (5 GB/month) metered internet connection through a cell phone and I'm
> not the only user when I have it shared over wifi.  I'd like to block
> video because it's an incredible waste.  Problematic clients are
> Android/Kindle.  User competence in not clicking where they shouldn't
> is sometimes an issue.
>
> I can see this happening if there's a file size available during
> transfers, if the size is under a certain threshold value it just
> passes without interference, over a certain size the first few bytes
> of the file get checked.  If it fails the check that exact URL to the
> file would get blacklisted for maybe 24 hours.  I've noticed watching
> random transfers with wget that in some cases it knows the file size
> from somewhere and sometimes not.  Presumably there's no size
> available on streaming video so just block it.
>
> There seems to be an abundance of video in advertising in apps but
> also in news apps there's a mix of video and text stories.  Most of
> the world assumes bandwidth is free and fast.  Some videos are bigger
> than entire operating systems, and most are fairly pointless.  If the
> transfer is happening over an ssl connection maybe not much can be
> done since from the firewall's perspective it's just encrypted data,
> essentially inside a tunnel.
>
>


--
---------------------------------------------------------------------------------------------------------------------
() ascii ribbon campaign - against html e-mail
/\


Re: Content filtering through pf?

Jiri B-2
In reply to this post by alan01346
On Thu, Feb 23, 2017 at 10:27:20AM -0500, Alan Corey wrote:

> I'm wondering if it's possible to do content filtering in a firewall.
> Maybe with something that cooperates with pf.  I'm on a very limited
> (5 GB/month) metered internet connection through a cell phone and I'm
> not the only user when I have it shared over wifi.  I'd like to block
> video because it's an incredible waste.  Problematic clients are
> Android/Kindle.  User competence in not clicking where they shouldn't
> is sometimes an issue.
>
> I can see this happening if there's a file size available during
> transfers, if the size is under a certain threshold value it just
> passes without interference, over a certain size the first few bytes
> of the file get checked.  If it fails the check that exact URL to the
> file would get blacklisted for maybe 24 hours.  I've noticed watching
> random transfers with wget that in some cases it knows the file size
> from somewhere and sometimes not.  Presumably there's no size
> available on streaming video so just block it.
>
> There seems to be an abundance of video in advertising in apps but
> also in news apps there's a mix of video and text stories.  Most of
> the world assumes bandwidth is free and fast.  Some videos are bigger
> than entire operating systems, and most are fairly pointless.  If the
> transfer is happening over an ssl connection maybe not much can be
> done since from the firewall's perspective it's just encrypted data,
> essentially inside a tunnel.

That sounds like work for Squid in intercepting proxy.

j.


Re: Content filtering through pf?

alan01346
In reply to this post by alan01346
I'm looking at privoxy although I'm not sure it's more appropriate
than squid.  I'm hoping to run this on a Raspberry Pi or Zero so it'll
most likely be under Raspbian.

Right now I use the standard Android "Portable Wi-Fi hotspot" in the
phone.  I run it open (no password) because I'm in a very rural area
and don't need them.  I want to tether by USB to some box I have
better control over.  Then set up an AP on that which effectively
replaces the one in the phone (with a gain antenna to boot).

One thing that just occurred to me is that I can set up in the AP's
dhcpd.conf the MAC addresses of my trusted machines so they will
bypass the proxy entirely, or maybe use a different one just for ad
blocking.  And hopefully prioritize bandwidth usage, setting my
trusted MAC addresses with the highest priority.  Everything else by
default will get fed through the proxy.

I'd rather not rely on mime types because I don't know that mime is
even used by proprietary things like the Washington Post, BBC, NPR,
etc. Android news clients.  They could be specialized web browsers, or
they could work with pure binary data.  There's no reason for them to
be compatible with the rest of the world since they run the servers
and write the clients.  I suspect they were lazier than that though.

--
-------------
No, I won't  call it "climate change", do you have a "reality problem"? - AB1JX
Impeach  Impeach  Impeach  Impeach  Impeach  Impeach  Impeach  Impeach
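
The policy sketched in the first post (size threshold, check of the first few bytes, 24-hour per-URL blacklist, block when no size is sent), combined with the wish above not to rely on MIME types, as an added example that is not part of any poster's message. The class and function names, the 512 KiB threshold and the short signature list are assumptions, and the check only applies to plain HTTP responses a proxy can actually read.

```python
import time

# (offset, signature) pairs for common video containers.
VIDEO_MAGIC = [
    (4, b"ftyp"),              # MP4 / MOV / 3GP (ISO base media file format)
    (0, b"\x1a\x45\xdf\xa3"),  # WebM / Matroska (EBML header)
    (0, b"FLV"),               # Flash video
    (8, b"AVI "),              # AVI inside a RIFF container
]
SIZE_THRESHOLD = 512 * 1024    # assumed value: smaller bodies pass unchecked
BLOCK_TTL = 24 * 3600          # "blacklisted for maybe 24 hours"


def looks_like_video(head):
    """Sniff the first bytes of a body; the declared MIME type is ignored."""
    return any(head[off:off + len(sig)] == sig for off, sig in VIDEO_MAGIC)


class VideoFilter:
    def __init__(self, block_unsized=True, clock=time.time):
        self.block_unsized = block_unsized  # block bodies with no Content-Length
        self.clock = clock
        self.blocked = {}                   # url -> expiry timestamp

    def decide(self, url, content_length, head):
        """Return "pass" or "block"; content_length is None if not sent."""
        now = self.clock()
        if self.blocked.get(url, 0) > now:
            return "block"                  # still inside the 24-hour window
        self.blocked.pop(url, None)         # drop an expired entry, if any
        if content_length is None:
            if self.block_unsized or looks_like_video(head):
                return "block"
            return "pass"
        if content_length < SIZE_THRESHOLD:
            return "pass"
        if looks_like_video(head):
            self.blocked[url] = now + BLOCK_TTL
            return "block"
        return "pass"


# Constructed sample inputs (not captured traffic).
MP4_HEAD = b"\x00\x00\x00\x18ftypisom\x00\x00\x02\x00"
HTML_HEAD = b"<!DOCTYPE html><html>"

if __name__ == "__main__":
    f = VideoFilter()
    print(f.decide("http://example.test/clip", 8_000_000, MP4_HEAD))   # block
    print(f.decide("http://example.test/page", 900_000, HTML_HEAD))    # pass
```

Responses sent with chunked transfer encoding also carry no Content-Length, so `block_unsized=True` will refuse many ordinary dynamic pages; `block_unsized=False` falls back to sniffing the first bytes instead.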


Re: Content filtering through pf?

Maxim Bourmistrov-5
privoxy will be faster I think, as well as footprint on the system.
But both privoxy and squid are a bit different, especially if you’ll need to
chain proxies.


> On 24 Feb 2017, at 17:39, Alan Corey <[hidden email]> wrote:
>
> I'm looking at privoxy although I'm not sure it's more appropriate
> than squid.  I'm hoping to run this on a Raspberry Pi or Zero so it'll
> most likely be under Raspbian.