Family focused PFSENSE Deployment

  • Hello to all

    I've been using pfSense since the 2.1 edition (using right now 2.3_x64), and it's fabulous. In our company we are using it as proxy, IDS + IPS, antispam and content filter. I have a question related to the pfSense capabilities.

    In my house I have 3 little children, and have problems filtering content. We can filter websites by categories using the same solution as at our company (Squid + SquidGuard as proxy and content filter), and also restrict access by schedule and, by MAC+IP filtering, access to outbound IPs and URLs. For our computers we have, as a complement to our pfSense installation, kid-safe browsers, parental control software applied, and Google accounts with parental control and content restricted by age, managed by my wife and me. The only thing we cannot do is restrict content on IoT devices and their applications. For example, on our Smart TV we have Netflix and YouTube, and we cannot apply any of the controls we have on computers, tablets, gameboards, because we cannot find a way to do it on the device or from pfSense.

    Maybe the question is inappropriate for a forum, but there are no silly questions, only badly formulated questions. Is there a way to apply security controls based on filtering or denying content on applications developed for IoT devices such as Facebook, Twitter, Netflix, Hulu, YouTube, etc.?

    Any contribution will be appreciated


  • You could block entire services, like YouTube or Netflix from a given device. If you don't want someone using something, don't let them use it? Log out of Netflix when you're not using it?

    Obligatory, if they're so young that they can't safely use the Internet, maybe they should only be allowed to use the Internet with parental supervision?

  • As Harvy66 has said, blocking whole services is easy enough. But things like YouTube are delivering a whole range of content from a single set of IP addresses and doing it with secure connections (e.g. https). So to have pick-and-choose filtering you would have to man-in-the-middle the secure connection, then have some content filter. In stage 1 the filter is going to do simple stuff like checking for "naughty" keywords in the text associated with videos/images. But of course that will not be 100% effective. Such a content filter would need image recognition to analyze pics and each video frame for inappropriate stuff. So a generic way of doing this is not yet feasible.

    The better option is if each provider has a way to choose the allowed content types - then the end devices have some sort of password to access different content levels - Netflix subscriptions… are likely to provide such features. I doubt that YouTube is offering a selectively filtered service.

  • Yes, YouTube does have an option to filter some content; not sure how effective it is.

  • What about using "OpenDNS" as a service for devices you cannot control like you expect with pfSense?
    Perhaps assigning the OpenDNS DNS server IP to your TV and controlling access via OpenDNS. I did not use it myself, but perhaps it gives you some more/other control you cannot get from pfSense and packages.

    Here I found something about "parental lock" for youtube.
    Because I don't use YouTube very often, I am not sure what it filters and how it can help you.

    Further some blacklists on the internet have this youtube URL in their lists to block content for people who are not 18+:

    Perhaps adding this URL to a blocklist and for your TV could help.


  • I am in the same boat. I have not heard of most of the things he mentioned. What is squid and such? Also, have you fixed your problem? If so, how?

  • LAYER 8 Global Moderator

    This thread is 2 years old, and the OP never came back... If you have questions on how to best leverage pfSense in your environment, I suggest you start your own thread detailing your network and any questions you have on how to best do some specific sort of thing you're wanting to accomplish.

    To your question of squid: squid is a proxy package that can be used to filter access based upon a URL that someone might access. Like blocking access to, or only allowing access to, say www.kidsafedomain.tld

    But to be honest, some of these sorts of features are more advanced than many users (without networking experience) understand and would come with a steep learning curve if not already up to speed. Asking what squid is points to not having the basic skillsets that would make deployment of such features an easy solution. You might be better suited with a more home "user" sort of device - there are many "home" friendly devices with interfaces designed for point-and-click control of what kids can access.

    Maybe something of such a list of devices will be of help
