Netgate Discussion Forum

    Noob looking for advice with web filtering…

      -RYknow

      Hi all,

      Although I've been running pfSense for a while now, I'm just now looking into getting some web filtering set up. Currently I'm looking to use OpenDNS with pfSense to manage the filtering. I've asked some questions elsewhere and I'm getting mixed opinions on how to do that. While I get there are numerous ways to skin a cat, I'm just wondering what the community here feels is the best practice?

      Essentially my home has numerous devices and I'm looking to filter the children's devices specifically. I've read that one way is to VLAN out the kids' stuff, and set up OpenVPN for that VLAN specifically. Another option was to filter the entire network with the most strict setting, and at that point, for anything I don't want filtered, manually change each device's DNS servers.

      I know that part of the answer comes down to personal preference. My personal preference I think, is to be able to have all the control from pfsense/opendns. I get that I could just set the network to filter heavily, but then when friends come over and jump on the wifi I'd have to set things up/tell them what to change… and that's just something I don't want to deal with. I would rather control the devices I own specifically, and let new devices that are on my network temporarily be of no hassle to me... If that makes sense?

      Any input would be great!
      -RYknow

        KOM

        Squid + squidguard + blacklist + ACLs for just your kids is one way to do it.  You can get more help in the Cache/Proxy forum.

          moikerz

          Put the kids' stuff on a different VLAN. Enable the DHCP server on that VLAN interface, and hand out OpenDNS servers for the DNS. Make sure you're not running DNS Resolver or DNS Forwarder. Then put your stuff on the LAN/different VLAN, with whatever DNS service you want (8.8.8.8, or Quad9, etc).

          If your kids are smart enough to set their own DNS servers to bypass the OpenDNS default DNS on the VLAN, then you can configure the firewall on their interface to reject DNS queries to anything other than the OpenDNS servers.
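
One way to check, from a device on the kids' VLAN, that the firewall rule described in the post above really rejects DNS to other resolvers. This is an added example, not part of the original thread; the OpenDNS addresses 208.67.222.222 and 208.67.220.220, the probe list and all function names are assumptions, and only UDP port 53 is tested.

```python
import socket
import struct

# Assumption: OpenDNS resolver addresses handed out by DHCP on the kids' VLAN.
ALLOWED = {"208.67.222.222", "208.67.220.220"}
# Probe list: the allowed resolvers plus the "other" services named in the post.
PROBES = ["208.67.222.222", "208.67.220.220", "8.8.8.8", "9.9.9.9"]


def build_query(name, txid=0x1234):
    """Build a minimal DNS A-record query (RFC 1035) with recursion desired."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.strip(".").split("."))
    return header + qname + b"\x00" + struct.pack(">HH", 1, 1)  # QTYPE=A, QCLASS=IN


def is_reply(packet, txid=0x1234):
    """True if packet is a DNS response (QR bit set) matching our transaction id."""
    if len(packet) < 12:
        return False
    rid, flags = struct.unpack(">HH", packet[:4])
    return rid == txid and bool(flags & 0x8000)


def probe(server, name="example.com", timeout=2.0):
    """Send one UDP/53 query to server; return True only if a DNS reply comes back."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name), (server, 53))
            return is_reply(s.recvfrom(512)[0])
        except OSError:  # timeout, or an error caused by a reject rule
            return False


def evaluate(results, allowed=ALLOWED):
    """Return findings: resolvers that answered but should be blocked, or vice versa."""
    findings = []
    for server, answered in sorted(results.items()):
        if answered and server not in allowed:
            findings.append((server, "BYPASS: answered but is not an allowed resolver"))
        elif not answered and server in allowed:
            findings.append((server, "BROKEN: allowed resolver did not answer"))
    return findings


if __name__ == "__main__":
    for server, msg in evaluate({ip: probe(ip) for ip in PROBES}) or [("all", "OK")]:
        print(server, msg)
```

Run it once before and once after adding the rule; a BYPASS line after the rule is in place means a device on that VLAN can still reach an outside resolver.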

            -RYknow

            @KOM:

            Squid + squidguard + blacklist + ACLs for just your kids is one way to do it.  You can get more help in the Cache/Proxy forum.

            Thanks for the suggestion. I did create a new post over in the cache/proxy forum. I've tried to get squid/squidguard set up… but I haven't had much luck. It has to be a noob error that I'm making... but I'm just not sure. Do you maybe have a link with a proper tutorial on configuring this?

            -RYknow

              KOM

              Do you maybe have a link with a proper tutorial on configuring this?

              Not specifically.  There are a million of them online.  Start with squid.  Get it working either transparently or explicitly.  Then add squidguard and get it working.  Ask for help if/when you get stuck.  That's how the rest of us learned.

              That said, the OpenDNS solution using their child-friendly DNS feature may be the quicker & easier solution for you, but less flexible.

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.