Noob looking for advice with web filtering…
-
Hi all,
Although I've been running pfSense for a while now, I'm just now looking into getting some web filtering set up. Currently I'm looking to use OpenDNS with pfSense to manage the filtering. I've asked some questions elsewhere and I'm getting mixed opinions on how to do that. While I get there are numerous ways to skin a cat, I'm just wondering what the community here feels is the best practice?
Essentially my home has numerous devices and I'm looking to filter the children's devices specifically. I've read that one way is to VLAN out the kids' stuff and set up OpenVPN for that VLAN specifically. Another option was to filter the entire network with the most strict setting, and at that point, for anything I don't want filtered, manually change each device's DNS servers.
I know that part of the answer comes down to personal preference. My personal preference, I think, is to be able to have all the control from pfSense/OpenDNS. I get that I could just set the network to filter heavily, but then when friends come over and jump on the wifi I'd have to set things up/tell them what to change… and that's just something I don't want to deal with. I would rather control the devices I own specifically, and let new devices that are on my network temporarily be of no hassle to me... If that makes sense?
Any input would be great!
-RYknow
-
Squid + squidguard + blacklist + ACLs for just your kids is one way to do it. You can get more help in the Cache/Proxy forum.
-
Put the kids' stuff on a different VLAN. Enable the DHCP server on that VLAN interface, and hand out OpenDNS servers for the DNS. Make sure you're not running DNS Resolver or DNS Forwarder. Then put your stuff on the LAN/different VLAN, with whatever DNS service you want (8.8.8.8, or Quad9, etc).
If your kids are smart enough to set their own DNS servers to bypass the OpenDNS default DNS on the VLAN, then you can configure the firewall on their interface to reject DNS queries to anything other than the OpenDNS servers.
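The lock-down described in the post above (DHCP hands out OpenDNS, the firewall rejects DNS to anything else) can be checked from a device on that VLAN. The script below is an added example, not part of the original thread; the resolver addresses, the lookup name and the `--run` switch are assumptions.

```shell
#!/bin/sh
# Added example: run from a device on the kids' VLAN to confirm the DNS lock-down.
# Assumed values (not from the thread): OpenDNS's public resolver addresses,
# a few other public resolvers to test against, and the lookup name.
ALLOWED="208.67.222.222 208.67.220.220"   # resolvers handed out by DHCP
OTHERS="8.8.8.8 9.9.9.9 1.1.1.1"          # must be rejected by the firewall
NAME="example.com"

# query RESOLVER PROTO: succeeds if the resolver sent any reply.
# dig exits 9 when no reply arrives (timeout, ICMP reject or TCP reset).
query() {
    if [ "$2" = tcp ]; then flag=+tcp; else flag=+notcp; fi
    dig +time=2 +tries=1 "$flag" @"$1" "$NAME" A >/dev/null 2>&1
}

# check_vlan: probe every resolver over UDP and TCP; count unexpected results.
check_vlan() {
    failures=0
    for proto in udp tcp; do
        for r in $ALLOWED; do
            if query "$r" "$proto"; then
                echo "ok    $r/$proto answered"
            else
                echo "FAIL  $r/$proto no reply (filtering resolver unreachable)"
                failures=$((failures + 1))
            fi
        done
        for r in $OTHERS; do
            if query "$r" "$proto"; then
                echo "FAIL  $r/$proto answered (clients can bypass the filter)"
                failures=$((failures + 1))
            else
                echo "ok    $r/$proto blocked"
            fi
        done
    done
    [ "$failures" -eq 0 ]
}

# Probes only run when asked for: sh check.sh --run
if [ "${1:-}" = "--run" ]; then
    check_vlan
    exit $?
fi
```

A FAIL on the TCP probes with UDP blocked means the interface rule only matches UDP; the reject rule needs to cover both protocols on port 53.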
-
@KOM:
> Squid + squidguard + blacklist + ACLs for just your kids is one way to do it. You can get more help in the Cache/Proxy forum.

Thanks for the suggestion. I did create a new post over in the cache/proxy forum. I've tried to get squid/squidguard set up… but I haven't had much luck. It has to be a noob error that I'm making... but I'm just not sure. Do you maybe have a link with a proper tutorial on configuring this?
-RYknow
-
> Do you maybe have a link with a proper tutorial on configuring this?

Not specifically. There are a million of them online. Start with squid. Get it working either transparently or explicitly. Then add squidguard and get it working. Ask for help if/when you get stuck. That's how the rest of us learned.
That said, the OpenDNS solution using their child-friendly DNS feature may be the quicker & easier solution for you, but less flexible.