Internet access restricts for kids

ajeeb · Oct 24, 2013, 2:40 PM

hello,
I have pfsense install + squid + SG , everything just works ok .

but I need one more thing to make an Internet supervisor and open it 8 hour for kids cause sometimes I wake up early and find my kid surf ,

any idea how to make policy according to Machine mac address and block the internet several hours at night !

BR

rjcrowder · Oct 24, 2013, 4:57 PM

One easy way is to use a firewall rule that blocks outbound access to port 80 and 443 and apply it based on a schedule. You can also do it with squidguard - but I couldn't tell you exactly how.

ajeeb · Oct 24, 2013, 6:25 PM

I think it's will block all clients !
and I don't use squidguard ! am using squid+SG

so … that was simple thing , my router-box EA4500 could do that
now I don't have any control about timed access

BR

rjcrowder · Oct 25, 2013, 2:19 AM

@ajeeb:

I think it's will block all clients !
and I don't use squidguard ! am using squid+SG

so … that was simple thing , my router-box EA4500 could do that
now I don't have any control about timed access

BR

OK… I'm a little confused here. You can assign MAC addresses to specific IP's. Then you can block or allow specific IP's, ranges of IP's, etc. on any timeframe that you want. Squidguard can do the same thing. You could also authenticate users by user name (multiple ways to do it) and use squidguard or dansguardian to control access by user.

The bottom line is that you have the ability to control access at any level that you want. I've used multiple open source firewall distributions and commercial or open source router firmwares - and I don't think that any of them give you the breadth of options that pfSense does... Just because you don't understand my answer or can't figure out how to implement the solution - don't blame the platform!

Derf · Oct 25, 2013, 9:27 AM

The solution I use to control kid's surfing time is as following:

Create an alias named 'Kids' wich contains all the IP adresses of kid's devices (PCs, game consoles, …)
Create a schedule named 'AccessDenied' with the denied timeframes
Create some rules on the firewall to block/reject any connection to/from 'Kids' during 'AccessDenied'

As rjcrowder said, there is plenty of different solutions to achieve what you want to do: you can for example use squidguard (I think the 'SG' you use should mean 'SquidGuard' but doing it that way would only allow you to control the web traffic (HTTP).
Using firewall rules and schedules will allow you to block ALL kids traffic (including xbox/playstation/wii, p2p and so on).

ajeeb · Oct 26, 2013, 9:15 PM

ok thanks for your reply but am little confused !!!
I install ClearOS ! it can restricts IP,Mac address but disadvantage secure website can pass even when IP,Mac blocked !
this is really stupid why could not they just block this mac address from entering the network !!

I think am moving back to PFsense …

@Derf plz tell me it's really works cause 2 things are really important for me (Web content filter + restricts surf time) and
ClearOS kill my internet .... !!! and they are Corporate !! everything $$$ !! WTH !
I just to keep my kids out of this sh*t around , I can make it easy by hocking up my linksys EA4500 but it disaster

again thanks for help (@rjcrowder,Derf)
BR

Liath.WW · Oct 27, 2013, 3:30 AM

The solution given by Derf will work, if you follow them word for word.
I use the same exact setup he mentioned to block access for my daughter – as there is a lot of trash out on the 'net.

ajeeb · Oct 27, 2013, 10:26 PM

indeed ! it's works perfect TY all .

BR

rjcrowder · Oct 28, 2013, 12:29 PM

@Derf:

The solution I use to control kid's surfing time is as following:

Create an alias named 'Kids' wich contains all the IP adresses of kid's devices (PCs, game consoles, …)

Create a schedule named 'AccessDenied' with the denied timeframes

Create some rules on the firewall to block/reject any connection to/from 'Kids' during 'AccessDenied'

As rjcrowder said, there is plenty of different solutions to achieve what you want to do: you can for example use squidguard (I think the 'SG' you use should mean 'SquidGuard' but doing it that way would only allow you to control the web traffic (HTTP).
Using firewall rules and schedules will allow you to block ALL kids traffic (including xbox/playstation/wii, p2p and so on).

I do the same thing as Derf for time based access. If you want to keep you kids "safe" while they are surfing, there are a couple of other things that I HIGHLY recommend.

1.) OpenDNS. Gives you a great set of DNS based blacklists and performs well. I just can't see any reason not to use it.
2.) Dansguardian. For dg, I usually download the Shalla blacklists and also use the weighted phraselists. Blacklists are only as good as they are kept up to date and dg phrase checking does a very good job at catching the rest…

Something else you might want to condider is turning on Clamav in dg. It does a great job of realtime virus scanning. However, you will perceive some lag from it - especially when downloading large files.