Network/web filtering device/software


#1

As the kids are getting older we’re finding more and more need to take control of what websites are accessible from various devices around the house.

I’m already using pi-hole on my Raspberry Pi as our DNS and DHCP server, with OpenDNS upstream (although OpenDNS doesn’t seem to be blocking some of the domains I’m expecting it to. That’s not why I’m posting tonight).

Youtube is the big one I need to get blocked right now but as the kids get older, I’ll be looking to block more. I’ve had to blackhole it on the pi-hole and block it on OpenDNS to get it fully locked down and even then I’m not 100% certain. The catch is that dakson sometimes has a legitimate need for Youtube on his school-issued Chromebook.

What I’d like is:

  • A more robust proxy/filter that I can put between my router and internal network without configuring the clients
  • Ability to run pi-hole and be my DHCP server as well
  • Ability to let designated clients bypass filtering (parents’ computers)
  • Enabling/disabling filters on a schedule is a plus, but not mandatory
  • Easily administrate via web interface - Wife Acceptance Factor is critically important - as the YouTube restrictions need to be editable when I’m not around.

I’m not opposed to building a small machine - something with 2 GigE NICs, 4-8 GB of RAM, probably a 128GB SSD and a 64-bit Atom processor will probably be sufficient (and preferably no moving parts to make noise and fail), I’m guessing.

Open to software and hardware suggestions.


#2

Nothing to add here, but following suggestions with interest.


#3

Linux box of some flavour and squid, combined with your existing piHole / OpenDNS setup?


#4

Kind of thought that’d be the case, but my biggest concern is a non-techy-spouse-compatible interface where my wife can enable/disable sites easily. Or even better, be able to set a schedule and/or filtering for particular site/device combinations.


#5

I thought smoothwall was the go-to in this space but it hasn’t had a new release for 4 years!? What’s the new hotness here?


#6

Any chance you could use a NUC for the hardware? keep to a small format.


#7

There are no 2-nic NUCs.

Netgate makes a $150 pfsense appliance device I may check out. I installed the software in a vm just to take a look around. Almost seems like overkill for what I need but I’m gonna mess around with it some more.


#8

Hey, neat!!


#9

I’m rebuilding my pihole at this moment actually. I originally built it on my PIDrive and finally got a dedicated PI for it. Different version though so the image won’t boot so I’m building it again.

Your pihole can do the schedule part pretty easily. Remember it is a linux box and you can add or remove domains from the command line. If you know some basic Python (it’s not hard really) you could setup a Python script to be triggered via a cron job on the pihole. You could also do some simple web programming (I’m assuming here) and build a dirty web front end to enable or disable sites as needed.