<![CDATA[Okay. So question for #linux or #security folks.]]>Okay. So question for or folks.

I want to set up a () computer set up as a public access computer.

I know how to harden the OS to avoid tampering. But how can I filter content? I'm already getting questions like, how can we prevent people from looking up inappropriate things?

How would you do it?

]]>https://forum.fedi.dk/topic/d8e621c6-e211-4c1d-a069-31093dc61b15/okay.-so-question-for-linux-or-security-folks.RSS for NodeWed, 03 Jun 2026 09:13:37 GMTThu, 21 May 2026 15:54:13 GMT60<![CDATA[Reply to Okay. So question for #linux or #security folks. on Thu, 21 May 2026 16:12:44 GMT]]>@codemonkeymike
Remember to lock down browsers and apps to only use port 53 for dns. And no access to browser configs.

]]>https://forum.fedi.dk/post/https://social.data.coop/users/alf149/statuses/116613445358088723https://forum.fedi.dk/post/https://social.data.coop/users/alf149/statuses/116613445358088723Thu, 21 May 2026 16:12:44 GMT<![CDATA[Reply to Okay. So question for #linux or #security folks. on Thu, 21 May 2026 16:03:29 GMT]]>webserver or do they access over ssh?

ufw and fail2ban maybe?]]>https://forum.fedi.dk/post/https://mostr.pub/objects/84bc93defaac9eddd36ccfe941e13308855d22d1ce091655d1da0f6cdd89dd71https://forum.fedi.dk/post/https://mostr.pub/objects/84bc93defaac9eddd36ccfe941e13308855d22d1ce091655d1da0f6cdd89dd71Thu, 21 May 2026 16:03:29 GMT<![CDATA[Reply to Okay. So question for #linux or #security folks. on Thu, 21 May 2026 16:01:51 GMT]]>@codemonkeymike could use a separate pi-hole as a DNS server and filter using that. All DNS lookups would go through it. And you can put strict filters there, Its separate piece of equip the user has 0 access to. My 2 cents.

]]>https://forum.fedi.dk/post/https://defcon.social/users/970uts1d3/statuses/116613402558396534https://forum.fedi.dk/post/https://defcon.social/users/970uts1d3/statuses/116613402558396534Thu, 21 May 2026 16:01:51 GMT<![CDATA[Reply to Okay. So question for #linux or #security folks. on Thu, 21 May 2026 16:01:05 GMT]]>@codemonkeymike Depends on how technical you are , I would just filter that shit at the layer 3 so a router. Or at layer 7 application and use a firewall tool. Or setup or

]]>https://forum.fedi.dk/post/https://masto.hackers.town/users/nixfreak/statuses/116613399514748520https://forum.fedi.dk/post/https://masto.hackers.town/users/nixfreak/statuses/116613399514748520Thu, 21 May 2026 16:01:05 GMT<![CDATA[Reply to Okay. So question for #linux or #security folks. on Thu, 21 May 2026 16:00:52 GMT]]>@codemonkeymike You may use the /etc/hosts file if you're wanting to block sites from the device itself, problem being you'd most likely have to manually maintain it / add it as a nixOS package and then have to auto update your hosts.

]]>https://forum.fedi.dk/post/https://fosstodon.org/users/Techwizz/statuses/116613398715693169https://forum.fedi.dk/post/https://fosstodon.org/users/Techwizz/statuses/116613398715693169Thu, 21 May 2026 16:00:52 GMT<![CDATA[Reply to Okay. So question for #linux or #security folks. on Thu, 21 May 2026 15:58:11 GMT]]>@codemonkeymike There are certain aspects you can look into like DNS filtering and blacklisting.

However, after some decades in IT I can tell you that it is virtually impossible to prevent all conceivable misuse.

If you have a browser that is not in a *whitelist* mode, they will access stuff.

Just as an example, for cases like these, I have a VPN machine with a dedicated IP somewhere* I can ask to reverse-proxy stuff for me.

* Not gonna tell you ๐Ÿ˜œ

]]>https://forum.fedi.dk/post/https://norden.social/users/ftranschel/statuses/116613388134766567https://forum.fedi.dk/post/https://norden.social/users/ftranschel/statuses/116613388134766567Thu, 21 May 2026 15:58:11 GMT<![CDATA[Reply to Okay. So question for #linux or #security folks. on Thu, 21 May 2026 15:58:06 GMT]]>@codemonkeymike
A local docker with pihole as the DNS (filters could be controlled from a git repo, havenโ€™t tried this)

]]>https://forum.fedi.dk/post/https://social.data.coop/users/alf149/statuses/116613387799499909https://forum.fedi.dk/post/https://social.data.coop/users/alf149/statuses/116613387799499909Thu, 21 May 2026 15:58:06 GMT