Porn filtering and accountability

buggs1a

Occasional Visitor
I’m again in the market for a device that can block porn correctly on all devices and be able to remote admin and have a report to email the admin daily. All devices include Mac and windows. Gaming. iOS and Android.
I’ve tried over 12 devices last year and only the TP LINK AX6000 I think, blocked porn correctly. But it doesn’t work well for remote nor does it send a daily report.

what about Kerio control? Untangle?
I can try something in parrell desktop on my Mac if possible. And if possible I’d love to have someone remote admin for me to help me and help me learn. To troubleshoot etc. I really need help.
 

bbunge

Very Senior Member
Most routers do filtering via DNS which can be easily defeated. I have had good success, and some stories about catches and blocks in a church network, with a router built from an old PC with IPFire. It has a filter that can use several block lists and blocks the IP address. Can also be managed over VPN.
 

coxhaus

Part of the Furniture
Untangle has a great reporting system. It is already pre-defined and ready to go once installed and very easy to run. I used Untangle to block bad mail, viruses, and malware. The reporting system was great. I have not used it for porn specifically. But ask on the Untangle forums. I think it will work.

One caveat is there is some lag associated with deep packet filtering which is unfriendly for gaming. To reduce the lag run a big CPU.
 
Last edited:

buggs1a

Occasional Visitor
I thank you very much.
I tried the untangle z4w and it did not block porn on android and iOS good. Playboy would load fine. Never got the Untangle block page. I don’t understand. Web filter was on. Adult was blocked. Yet it didn’t seem to block.
The reporting was good. And I think it can be dealt with remotely with that I forget the name of it.
I will definitely need help with untangle and the folks there some were hostile a bit.
But it had difficulty blocking. The reporting I think is great.
But if I could try untangle free on parrell desktop on my MacBook Pro maybe with help I could get it to work? I don’t know.
We’re looking to get a router or something.
 

shabbs

Regular Contributor
My porn blocking at home consists of the following:
- Asus RT-AX88U router running Asuswrt-Merlin FW
- Two Raspberry Pi's running Pi-hole DNS services as primary blocking service
- Upstream DNS configuration via OpenDNS Home Internet Security to block access to porn sites etc...

I use DNSFilter on the Asus router to trap all DNS requests on my network and force them to the Pi-holes. This prevents creative kids from bypassing the pi-hole by mucking with DNS settings. It also blocks IOT devices from using their own DNS (Chromecast for example). The only way to bypass is to use a VPN.

Not sure if OpenDNS offers up email reporting but they have a rich dashboard.

The blocking by OpenDNS also allows for a custom error page so I put my ugly mug on so that anytime someone tries to hit a nasty site, they see me with a classic "No, no no!". Heh.
 

buggs1a

Occasional Visitor
Haha. That’s great.
I have tried opendns in a router once without success. I don’t know why. I never got any block page on android. But that’s a good idea.

one thing I think we will do is build a box to put in the router and lock the box so no one can physically reset it.
 

shabbs

Regular Contributor
Haha. That’s great.
I have tried opendns in a router once without success. I don’t know why. I never got any block page on android. But that’s a good idea.

one thing I think we will do is build a box to put in the router and lock the box so no one can physically reset it.
The OpenDNS setup is not on the router itself for me, the Pi-hole DNS config uses it as it's upstream DNS so that when an initial DNS request on my local network makes it through the Pi-hole DNS, it's then passed upstream to OpenDNS which then does content filtering.
 

dave14305

Part of the Furniture
As browsers adopt DNS-over-HTTPS by default, these methods will be rendered ineffective.
 

buggs1a

Occasional Visitor
As browsers adopt DNS-over-HTTPS by default, these methods will be rendered ineffective.
Huh? Please explain.
Is this why nothing I’ve tried works?
Wouldn’t Untangle be able to work anyway being it’s more business class?
I tried 12 devices last year and the TP LINK AX6000 was the only one that filtered porn on android and iOS etc. I even tried the Asus AX11000 and it did not filter on mobile. Android was never filtered.
 

shabbs

Regular Contributor
DoH (DNS-over-HTTPS) will send DNS requests encrypted over HTTPS to DoH servers that will process the request. These types of requests won't be able to be intercepted and blocked as they'll look like normal HTTPS traffic so standard DNS/hostname blocking techniques will fail. Pi-hole relies on DNS requests that are plain text on Port 53. The move to DoH will render it ineffective sadly.

EDIT: To answer your question, if clients on your network are using DoH (Firefox has started to turn this on) then yes, the blocking will not be effective.
 
Last edited:

shabbs

Regular Contributor
It's gonna be everywhere. Chrome is rolling it out too.
 

buggs1a

Occasional Visitor
Well ya. I read the wiki for DoH and it said it’s an issue for parental controls.
But Untangle has block dns over https in their web filter. Doesn’t do anything. Still don’t block adult. And the TP LINK Archer AX6000 does block stuff correctly. Then the Asus AX11000 doesn’t block.
Confusing.
 

shabbs

Regular Contributor
You could block all known DoH servers and force clients to fall back to plain old DNS, but that will be a game of cat and mouse.
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top