I'd add that since you control the clients' default router (if I am understanding), you could start filtering all outbound traffic * and force them to come through your http proxy to access the 'net.
* There may be some exceptions, e.g. name lookups.
__________________
Kill your t.v.
|