[wplug] Linux "parental controls" solutions/appliances?

[Pat Barron]

I was talking to a friend of mine, who is looking for some kind of 
"parental controls" network perimeter security solution.  He has kids, 
and is concerned about what they do on the Internet - doesn't 
necessarily want to spy on everything, per se - but wants to be able to 
to log network activity (in terms of what sites are visited), maybe log 
IM traffic (if not the actual traffic, possibly just the users being 
communicated with, assuming whatever IM is in use isn't encrypted), and 
try to keep the kids in line just knowing the Big Brother is "out 
there".  He's not really looking for something to be installed on each 
computer in the house (particularly since it's not necessarily 
guaranteed that all the computers in the house would be running 
Windows), but more like something that sits at the network perimeter, 
that everything has to pass through.  I'm wondering if there are 
Linux-based solutions out there?  I mean, pretty much anything you'd 
want to do along these lines, I imagine could be done with a combination 
of iptables and syslog.  Is there maybe some kind of "appliance distro" 
for this - something that is (at least somewhat) turnkey, sort of the 
way "CA-in-a-Box" is, where you just install it, configure it, and go, 
and the box doesn't really get used for anything else aside from this 
function?

I'd also sort of wondered if there was an hardware appliance solution 
for something like this, something that you could (for instance) 
re-flash a hackable Linksys (or Asus, or whatever) router with.  
Stumbling blocks I see to that would include the fact that the router 
couldn't really keep a lot of log information itself, and having to send 
log data to some kind of external syslog server or something means you 
need to have an additional box deployed on your internal network anyway, 
and the associated syslog traffic could chew up a lot of your internal 
network bandwidth.

Thanks,
--Pat.