Squid for Beginner

[Rocky007]

Hello,

what i want to do is the following:

• Detect the best setup for my scenario (normal or transparent)
  
• Block Access to sites by content words or full urls
  
• Filter out ads
  
• Deny download from specific files
  
• Access to internet just for specific time
  
• Contingents who can use the internet how long a day/a week etc... (maybe with login username and pasword on local machines Win/Mac/Linux)
  
• Scan files at download by clamav
  

Scenario is the following:

currently:

both behind a fritz box
br0 192.168.178.29
enp6s0 192.168.178.30 backup for br0

planned:

enp7s0 and wlp10s0 are br0 (local lan)
enp6s0 wan

br0 will have dhcp and dns
can have 2 subnets
- 192.168.1.0/24 - allowed fixed ips in dhcp
- 192.168.178.0/24 - all not fixed ips and guests

Guest Net 192.168.178.0/24 will in the beginning have no proxy, will this configure later
Internal LAN 192.168.1.0/24 will have to go through proxy for http and https, nothing else should be filtered

Hope you can help me

[NeddySeagoon]

Rocky007,

Before you decide what you need to do, you need to look at your threat model, then decide what defences should be put in place.

If you are trying to regulate teenagers, they will tether their mobile phones or find some other workaround.
e.g. a free VPS service, go round to a friends .. ssh tunnel to a friends, whatever.
They are the worst group of hackers you could ever hope to work with because they don't know what is possible until they try.
They will try.
_________________
Regards,

NeddySeagoon

Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.

[Rocky007]

For a priority list I would

block ads
Block sites like piracy streaming and so on as I won't be abused to illegal activities (espacially with guest wlan)
Block file downloads
Scan downloaded files

Access control is not so important