When my kids use the internet, I set up Firefox so that they can only access a list of approved sites. Here’s how I do it (thanks to DrBacchus and skippy for the assist):

Install squid (Squid is a caching proxy for the Web):
$ sudo apt-get install squid

Modify squid.conf:
$ sudo vi /etc/squid/squid.conf

Set “visible_hostname” to the hostname of the machine:
visible_hostname yourmachinename

Set “http_access” to allow access only to the domains specified in your whitelist (I store my whitelist at /opt/squid/allowed_domains):
acl allowed_dstdomains dstdomain "/opt/squid/allowed_domains"
http_access allow allowed_dstdomains

Set up your whitelist file, here is an example:
$ sudo vi /opt/squid/allowed_domains
.tamatown.com
.tamagotchi.com
.webkinz.com

Restart squid for the changes to take affect:
$ sudo /etc/init.d/squid restart

Then, set your child’s Firefox settings to use your squid instance as their proxy server. In Firefox, Edit > Preferences > Advanced > Network > Connection Settings > Manual Proxy Configuration:

Hostname: yourmachinehostname (or localhost)
Port: 3128 (this is the default port for squid)
Use this proxy server for all protocols.

Drawbacks: You must manually add any address you want your child to be allowed to access into your allowed_domains file (hence “whitelist” instead of “blacklist”). Also, if your child is savvy enough to know how to disable the Firefox proxy settings, then they can bypass this.

I created a shell script to automatically append a domain to my “allowed_domains” file and then restart the squid service:
#!/bin/sh
if [ "$#" != "1" ] ; then
echo “usage is $0 [domain] ”
exit
fi
echo $1 | sudo tee -a /opt/squid/allowed_domains
sudo /etc/init.d/squid restart
Replace “/opt/squid/allowed_domains” with the location and name of your allowed domains list

Example usage would be:
./squid_add .wikipedia.org