Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Family focused PFSENSE Deployment

    Off-Topic & Non-Support Discussion
    7
    7
    3227
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C
      cremarchuk last edited by

      Hello to all

      I'm using Pfsense since 2.1 edition (using right now 2.3_x64) , and its fabulous, in our company we are using it as proxy, IDS + IPS, antispam and content filter. I have a question related to the pfsense capabilities.

      In my house i have 3 little childrens, and have problems filtering content, we can filter websites by categories using the same solution at our company (Squid + Squidguard as proxy and content filter), also restrict access by schedule and by mac+ip filtering access to outbound ip's and url's.  For our computers we have as a complement to our pfsense installation Kids-safe browsers, parental control software applied, google accounts with control parental and content restricted to age managed by mi wife and i. The only thing we cannot do is restrict content based on IoT devices and they applications., for example in our SmartTV we have netflix and youtube and we cannot apply any of the controls we have on computers, tablets, gameboards, becouse we cannot find a way to do on the device or from pfsense.

      Maybe the question is innapropiated for a forum, but there is no silly question, only bad formulated questions. ¿Is there a way to apply security controls based on filtering or denying content on aplications developed for IoT devices such like Facebook, Tweeter, Netflix, Hulu, youtube, etc?

      Any contribution will be apreciated

      CDRS

      1 Reply Last reply Reply Quote 0
      • H
        Harvy66 last edited by

        You could block entire services, like YouTube or Netflix from a given device. If you don't want someone using something, don't let them use it? Log out of Netflix when you're not using it?

        Obligatory, if they're so young that they can't safely use the Internet, maybe they should only be allowed to use the Internet with parental supervision?

        1 Reply Last reply Reply Quote 0
        • P
          phil.davis last edited by

          As Harvy66 has said, blocking whole services is easy enough. But things like YouTube are delivering a whole range of content from a single set of IP addresses and doing it with secure connections (e.g. https). So to have pick-and-choose filtering you would have to man-in-the-middle the secure connection, then have some content filter. In stage1 the filter is going to do simple stuff like checking for "naughty" keywords in the text associated with videos/images. But of course that will not be 100% effective. Such a content filter would need image recognition to analyze pics and each video frame for inappropriate stuff. So a generic way of doing this in not yet feasible.

          The better option is if each provider has a way to choose the allowed content types - then the end devices have some sort of password to access different content levels - Netflix subscriptions… are likely to provide such features. I doubt that YouTube is offering a selectively filtered service.

          As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
          If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

          1 Reply Last reply Reply Quote 0
          • G
            grandrivers last edited by

            yes youtube does have an option to filter some content not sure how effective it is

            pfsense 2.4 super micro A1SRM-2558F
            C2558 8gig ECC  60gig SSD
            tripple Wan dual pppoe

            1 Reply Last reply Reply Quote 0
            • N
              Nachtfalke last edited by

              What about using "OpenDNS" (https://www.opendns.com/) as service for devices you cannot control like you expect with pfsense?
              Perhaps assigning the OpenDNS DNS Server IP to you TV and control access via OpenDNS. Did not use it myself but perhaps it gives you some more/other control you cannot get from pfsense and packages.

              Here I found something about "parental lock" for youtube.
              https://www.youtube.com/watch?v=u00yKwGFpS0
              Because I don't use youtube very oftem I am not sure what it filters and how it can help you.

              Further some blacklists on the internet have this youtube URL in their lists to block content for people who are not 18+:
              youtube.com/verify_age

              Perhaps adding this URL to a blocklist and for your TV could help.

              Regards

              1 Reply Last reply Reply Quote 0
              • A
                apirumann last edited by

                I am in the same boat. I have not heard most of the things he mentioned. what is squid and such? Also, have you fixed your problem? If so, how?

                1 Reply Last reply Reply Quote 0
                • johnpoz
                  johnpoz LAYER 8 Global Moderator last edited by johnpoz

                  This thread is 2 years old, and the OP never came back... If you have questions on how to best leverage pfsense in your environment I suggest you start your own thread detailing your network and any questions you have on how to best do some specific sort of thing your wanting to accomplish.

                  To your question of squid, squid is a proxy package that can be used to filter access based upon a url that someone might access.. Like blocking access to www.facebook.com or only allowing access to say www.kidsafedomain.tld

                  But to be honest, some of these sorts of features are more advanced than many users (without networking experience) understand and would come with a steep learning curve if not already up to speed. Asking what squid is - points to not having the basic skilsets that would make deployment of such features an easy solution.. You might be better suited with a more home "user" sort of device - there are many "home" friendly devices with interfaces designed for point and click control of what kids can access..

                  Maybe something of such a list of devices will be of help
                  https://www.fatherly.com/gear/best-parental-control-devices-routers/

                  An intelligent man is sometimes forced to be drunk to spend time with his fools
                  If you get confused: Listen to the Music Play
                  Please don't Chat/PM me for help, unless mod related
                  2440 2.4.5p1 | 2x 3100 2.4.4p3 | 2x 3100 22.01 | 4860 22.01

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post