Create your very own home or small office "great firewall of Cameron".

The internet is all a buzz with the announcement of UK ISPs flicking the switch to "default on" filtering, "the great firewall of Cameron" . From a technical stand point there is very little detail on how they will be implemented other than probably being based on an openDNS and Huawei solution. 

If the system just means your ISP automatically gives you an openDNS server, then its a rubbish solution, its like trying to stop people taking the tube to Hammersmith by simply taking it off the tube map. 
Anyone technically adept enough to read an internet forum will find out how to change there DNS hint -> ( https://developers.google.com/speed/public-dns/docs/using).
 
If you want to filter http traffic its better to filter on the http level, or if you want whole servers to be blocked, then firewall the IP addresses. 

Luckily using Linux and some awesome open source progams you can setup your very own personal "great firewall" which is even more useful because it allows you to block horrible things like adverts and tracking site. The adblocking is astoundingly effective, stopping most of the youtube and 4OD in video adverts. 

Best of all you are in complete control of this system and not at the mercy of anyone else filtering your content.

Install the required packages

This guide is based on Debian, should work equally well on Ubunutu and need a few tweaks for a Red Hat based distro.

 
root@debian:~# apt-get install squid squidguard apache2

Configure Squid

First setup squid to work as a standard http proxy.

root@debian:~# vim /etc/squid/squid.conf

Change the port to from the standard 3128 to the almost universal accept and way easier to remember 8080

http_port 8080 acl 

Make sure the localnet matches your network environment.

localnet src 192.168.1.0/24

Finally uncomment the http_access to allow your localnet.

http_access allow localnet

Test Squid Proxy

Go ahead and restart squid so your changes are picked up.

root@debian:~# service squid restart
[ ok ] Restarting Squid HTTP proxy: squid.

Point your broswer at the proxy and try to load a page. If you don't know how to configure your browser jump to "". Then check the squid logfile to ensure it is working. You should see see the requests your browser just made.

root@debian:~# tail -f /var/log/squid/access.log 
1375166754.558 106 192.168.1.122 TCP_MISS/302 1285 GET http://www.google.com/ - DIRECT/31.55.163.217 text/html 
1375166754.843 203 192.168.1.122 TCP_MISS/302 1230 GEThttp://www.google.co.uk/? - DIRECT/31.55.163.181 text/html 
1375166756.050 123 192.168.1.122 TCP_MISS/200 724 POST http://safebrowsing.clients.google.com/safebrowsing/gethash? - DIRECT/31.55.163.152 application/octet-stream

Configure SquidGuard

Open up the squid configuration file again.

vim /etc/squid/squid.conf

Add this line at the bottom of the file.

redirect_program /usr/bin/squidGuard -c /etc/squidguard/squidGuard.conf
The best blacklist database I have found is from Shalla Secure Services (free for private usage and partly for commercial usage -> license Edit the squidGuard configuration file. 
root@debian:/etc/squidguard# cd /etc/squidguard/ root@debian:/etc/squidguard# cp squidGuard.conf squidGuard.conf-backup root@debian:/etc/squidguard# > squidGuard.conf root@debian:/etc/squidguard# vi squidGuard.conf

Add the following as a base, tweak it to match what you would like to block. For more details of the categories LINK.

CONTENTS
root@debian:/etc/squidguard# wget http://www.shallalist.de/Downloads/shallalist.tar.gz
root@debian:/etc/squidguard# tar xvzf shallalist.tar.gz 
root@debian:/etc/squidguard# rm -rf shallalist.tar.gz
root@debian:/etc/squidguard# squidGuard -C all -d
root@debian:/etc/squidguard# chown -R proxy:proxy BL/

When an advert has been blocked I like to see a message to remind me that my proxy is blocking content. You should just as easily point it to a transparent .png or cute kitten picture.

root@debian:~# echo 'ZaPpEd!' > /var/www/blocked.html

Finally restart squid for the new squidGuard options to take effect.

root@debian:/etc/squidguard# service squid restart

Setup your browser to use the proxy