User Based DNS Filtering

Manicjonah

Occasional Visitor
User Based DNS Filtering. Can it be done? Could it be done?

I'm thinking of two different scenarios:

1. Similar to a public hotspot when a user launches a browser session they are prompted to login (like on a terms of service page). That login is used by Asuswrt-Merlin to recreate the DNS Filtering rule for the device that is being used such that filtering is enabled/disabled based on the user's ID.

2. An SSO app that runs in Windows and forwards the user ID captured by Windows to the router where it is used to determine whether or not DNS Filtering should be enabled and, if DNS Filtering should be enabled, which service should be assigned to the filter.

In our home, by default, OpenDNS is used to protect all connections to the Internet. We have young kids so there are a significant number of options selected under Content (Filtering). Device-based exceptions are made for my phone, my wife's phone, my work computer, etc. However, the remaining devices are shared by all members of the family. The above idea allows content filtering to be on for the kids and unadulterated access to the Internet for my wife and me on the same device.

Is it possible? Is it worth doing? Where do I sign up to be a tester?

Thanks,

MJ
 
Anything is possible but this would involve some work.

One idea would be a simple lighttpd install with a protected PHP page that, when given the correct user/pass, would execute a router server-side shell script to add a time-based exclusion for your IP address or MAC which would reset after an hour or whatever. That page could also have a disable button.

Not as elegant as using your Windows user pass but also doesn't involve a complex RADIUS server.
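
One way to build the router-side script suggested in the post above, as an added example that is not part of the original thread and not Asuswrt-Merlin's own code: it validates the MAC handed over by the web page before it reaches a root shell, and records an expiry so the exemption resets. The state-file path, the `NOW` test hook and a nat-table chain named `DNSFILTER` that honours a `RETURN` rule are assumptions; with `DRY_RUN=1` it only prints the iptables commands.

```shell
#!/bin/sh
# Added example: time-limited DNS-filter exemptions keyed by MAC address.
# Assumptions: the state-file path and a nat-table chain named DNSFILTER.
STATE="${STATE:-/tmp/dnsfilter_exempt.db}"  # one "<MAC> <expiry-epoch>" per line
DRY_RUN="${DRY_RUN:-1}"                     # 1 = print the iptables command only

# Accept exactly six colon-separated hex octets. The case test runs first so an
# embedded newline or shell metacharacter is rejected before grep sees the value.
valid_mac() {
    case "$1" in *[!0-9A-Fa-f:]*) return 1 ;; esac
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

fw() {  # run iptables, or print the command when DRY_RUN=1
    if [ "$DRY_RUN" = 1 ]; then echo "iptables $*"; else iptables "$@"; fi
}

# revoke <mac>: drop the exemption if one is recorded
revoke() {
    valid_mac "$1" || return 2
    mac=$(printf '%s' "$1" | tr 'a-f' 'A-F')
    grep -q "^$mac " "$STATE" 2>/dev/null || return 0
    grep -v "^$mac " "$STATE" > "$STATE.tmp" || true
    mv "$STATE.tmp" "$STATE"
    fw -t nat -D DNSFILTER -m mac --mac-source "$mac" -j RETURN
}

# grant <mac> <seconds>: exempt a device until now+seconds
grant() {
    valid_mac "$1" || { echo "rejected: bad MAC" >&2; return 2; }
    # digits only, no leading zero (would be read as octal in arithmetic)
    case "$2" in ''|0*|*[!0-9]*) echo "rejected: bad duration" >&2; return 2 ;; esac
    revoke "$1" >/dev/null                  # avoid duplicate rules on re-grant
    mac=$(printf '%s' "$1" | tr 'a-f' 'A-F')
    echo "$mac $(( ${NOW:-$(date +%s)} + $2 ))" >> "$STATE"
    fw -t nat -I DNSFILTER -m mac --mac-source "$mac" -j RETURN
}

# expire: revoke every exemption whose deadline has passed (run from cron)
expire() {
    [ -f "$STATE" ] || return 0
    due=$(awk -v n="${NOW:-$(date +%s)}" '$2 <= n { print $1 }' "$STATE")
    for m in $due; do revoke "$m"; done
}

# CLI entry point, e.g. "script grant aa:bb:cc:dd:ee:ff 3600"
case "${1:-}" in grant|revoke|expire) "$@" ;; esac
```

The web page would call only `grant` or `revoke` with the client's MAC, and a periodic `expire` run performs the reset after an hour.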
 
Good idea Calisro! I wish I could do the work, I'd love to contribute. Sadly software development/programming is not my strength. I'd really like to see this happen though.
 
You could change the IP/DNS settings of the machine using a batch file when you use it which only you can run, e.g.:

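Code:
@echo off
rem Switch the "Ethernet" adapter between unfiltered and filtered DNS.
rem netsh needs an elevated (administrator) prompt to apply these changes.
echo Choose:
echo [A] Parents
echo [B] Kids
echo.

:choice
set /P C=[A,B]?
if /I "%C%"=="A" goto A
if /I "%C%"=="B" goto B
goto choice

:A
rem Parents: static address, Google DNS (unfiltered)
netsh interface ipv4 set address name="Ethernet" source=static address=192.168.1.99 mask=255.255.255.0 gateway=192.168.1.1
rem "set dnsservers" replaces the list; "add dnsserver" would leave the other resolver configured
netsh interface ipv4 set dnsservers name="Ethernet" source=static address=8.8.8.8 register=primary validate=no
goto end

:B
rem Kids: same address, OpenDNS (filtered)
netsh interface ipv4 set address name="Ethernet" source=static address=192.168.1.99 mask=255.255.255.0 gateway=192.168.1.1
netsh interface ipv4 set dnsservers name="Ethernet" source=static address=208.67.222.222 register=primary validate=no
goto end

:end
rem The address is static, so there is no lease to renew; clear answers cached from the previous resolver instead
ipconfig /flushdns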
 
bilboSNB - I've gotta admit, this never even crossed my mind. I think I was "stuck" looking for a router based solution. This will do nicely in a pinch (I think/hope). Thanks!
 
+1 IP changing...
That is actually how I do my VPN as well. I just have certain IPs flagged for VPN and toggle the client IP to either direct or not over the VPN. The KISS method.
 
Calisro - is your VPN configured in the router or is it a client side VPN?
 
It'll be the router's OpenVPN client I would guess. You can use policy-based routing to direct traffic either over VPN or WAN based on the IP address. This script comes in handy when flicking between VPN and WAN; it's actually in the wiki.
 