How do I restrict users so that, they can only go to certain websites? What devices do I need? And how to configure the settings? Please guide me.
(I was thinking using firewall, set the ip addresses thats allowed to visit. Is that all?) I am new to system administration stuff. Please bear with me.
You need a proxy (which can be built into normal firewalls, or can be special devices, or can be "application aware" firewalls).
Something like squid is very, very common. You can configure it as a transparent firewall if it's on your gateway (in a firewall such as, say, pfsense). Another common one in the Windows world is ISA/TMG.
These solutions all work by actually inspecting the traffic as it flows through the device. Simply blocking IP addresses isn't a particularly good solutions, because a sites IP address may change, or there can be literally thousands of sites sitting on the one IP address. By inspecting the traffic, you can block by:
etc etc. Most devices will even compile a nice report for you to give you a breakdown of your users browsing habits. Top websites, times of day, content types, etc.
The majority of them (like squid and TMG) also include caching, so oft-made requests don't have to go out to the internet and back every time (e.g. the google homepage)
There is a Linux distribution called ClearOS that uses squid and a combination of other associated things in a fairly easy to use and setup system. I had a similar situation as you earlier in the year, and this helped me out a great deal.