\_ I am trying to create a web content filter at the choke point of my network
\_ that will provide a safe web surfing environment for children downstream (on
\_ the internal LAN).  

My particular bent on this is that you shouldn't filter *at all*.  If
little Jack is interested on how the birds and bees fit together, he's
gonna find out one way or the other.  Maybe visiting the library and
looking at the 'art' books.  If Jill wants to find out about doobies
and gnapster isn't providing her the brotherly answer already, then a
side trip, again, to the accursed public library will.  Or, as
mentioned before, jargon + JLF-proxy....  

It's similar to what I espouse at companies.  Surfing of
'innappropriate' web sites should follow the standard disciplinary
policies already in place.

For kids, you can't stop information from trickling in, but if you get
your *accurate* information in first, then contrary information will
be second and be viewed with skepticism.  It's the old 'learn from the
playground/street or learn from home'.

Sure, throw a caching proxy w/ logging on the firewall and log.  If
you notice objectionable material flowing by ("wow!  I didn't think
that was physically possible") then it's probably time to sit down and
have a chat with the offender.  

Repeated offenses by youngsters means you either revoke
computer/surfing priveleges or have a much *longer* talk with them and
answer questions they must obviously have, or should have.

For related reading, see http://www.peacefire.org , IIRC.

David