Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision Next revisionBoth sides next revision | ||
| docs:guide-user:firewall:fw3_configurations:fw3_parent_controls [2021/12/01 11:14] – clarified optional status and added IP bobafetthotmail | docs:guide-user:firewall:fw3_configurations:fw3_parent_controls [2023/08/30 08:26] – [Blocking services with banIP] vgaetera | ||
|---|---|---|---|
| Line 4: | Line 4: | ||
| ===== Introduction ===== | ===== Introduction ===== | ||
| * This article describes common methods to perform parental control of internet access. | * This article describes common methods to perform parental control of internet access. | ||
| - | * Make sure to apply restrictions to all source zones if you are using a firewall-based method. | + | * Be sure to apply restrictions to all source zones if you are using a firewall-based method. |
| ===== Restrict / deny / block access to certain web pages ===== | ===== Restrict / deny / block access to certain web pages ===== | ||
| Line 21: | Line 21: | ||
| * Dynamic hosts change their IP on a regular basis, invalidating the blacklist | * Dynamic hosts change their IP on a regular basis, invalidating the blacklist | ||
| - | ==== Blocking | + | ==== Blocking |
| Follow: | Follow: | ||
| [[docs: | [[docs: | ||
| Line 47: | Line 47: | ||
| * This will block all sites sharing the same IP with the targeted, so use carefully for domains which rely on [[wp> | * This will block all sites sharing the same IP with the targeted, so use carefully for domains which rely on [[wp> | ||
| * Completely blocking sites that use localized domains is problematic. | * Completely blocking sites that use localized domains is problematic. | ||
| + | |||
| + | ==== Blocking services with banIP ==== | ||
| + | See also: | ||
| + | [[packages: | ||
| + | [[packages: | ||
| + | |||
| + | banIP can block services using IP/CIDR lists, e.g. you can block WhatsApp with [[https:// | ||
| + | |||
| + | <code bash> | ||
| + | opkg update | ||
| + | opkg install banip luci-app-banip | ||
| + | uci set banip.global.ban_enabled=" | ||
| + | uci del_list banip.global.ban_feed=" | ||
| + | uci add_list banip.global.ban_feed=" | ||
| + | uci commit banip | ||
| + | . / | ||
| + | json_init | ||
| + | json_load_file / | ||
| + | json_add_object " | ||
| + | json_add_string " | ||
| + | json_add_string " | ||
| + | HybridNetworks/ | ||
| + | json_add_string " | ||
| + | json_close_object | ||
| + | json_dump > / | ||
| + | / | ||
| + | </ | ||
| ==== Blocking sites by using proxy servers ===== | ==== Blocking sites by using proxy servers ===== | ||
| Line 52: | Line 79: | ||
| [[docs: | [[docs: | ||
| - | A proxy server like Squid can be used to block access to websites. | + | A proxy server like [[docs: |
| It can check HTTP(S) specific details. | It can check HTTP(S) specific details. | ||
| The huge benefit of this option is to have the finest level of control. | The huge benefit of this option is to have the finest level of control. | ||
| It can even distinguish in cases where a single server with a single IP runs for example a blacklisted and whitelisted domain at once. | It can even distinguish in cases where a single server with a single IP runs for example a blacklisted and whitelisted domain at once. | ||
| + | |||
| + | Squid offers many features like SNI HTTPS based filtering, SSL-bump and splice. However, for typical resource constrained devices, Tinyproxy offers the most important options (filtering websites) as well. For parental control, due to ease of setup and low RAM/Flash requirements, | ||
| Drawbacks: | Drawbacks: | ||
| - | | + | * If not everything else except the proxy is blocked, it can be circumvented. The firewall must block the client-device from accessing the internet directly. |
| - | * Complex setup | + | * The clients need to configure the proxy in their browser. |
| - | | + | |
| ===== Time restriction of internet access ===== | ===== Time restriction of internet access ===== | ||