What to choose for filtering and reporting as a beginner

Started by SamW, October 02, 2025, 10:31:16 PM

I'm new to OPNsense and trying to set up network devices in general.
I am trying to set up a single device on the edge of our home network that can filter out traffic, especially inappropriate content and ads/trackers. I also want to be able to log traffic so that I can review it if needed and see what sites are being visited. This will be on the WAN side of our router which will act as our access point for all devices and be used for time controls per device.
I have gotten OPNsense installed on a test PC and set up the Unbound DNS service with several block lists. This alone seems inadequate as I don't really know what I don't know. I have found Zenarmor and the possibility of using a caching proxy like Squid.
I need something fairly simple to set up but I was put off by the fact that Zenarmor requires a subscription to do filtering (as well as the heavy memory resources being used without any blocking happening). I just can't quite sustain the ongoing cost if I have other alternatives.

My question is, what is most likely going to achieve my goal of filtering out traffic, and then being able to see traffic if needed, or is Unbound DNS enough?

I'm open to alternatives that are simpler and more robust that I don't know about; however, I would like to keep everything as local as possible, which is one reason I like the Unbound DNS since (from my understanding) it downloads the block lists and everything is checked locally, as well as it provides some reporting (though I don't know what it may not catch). I didn't care too much for the idea of NextDNS or OpenDNS as it depends on outside sources for whether things are filtered and I would rather have the internet go down than it not be protected as much (I don't find any online service as a necessity for our uses).

Any advice is much appreciated.

**edited to add 'or is Unbound DNS enough' to question and note about Unbound providing some reporting**

I'll try and ask this another way since any bit of information would likely be useful. Feel free to ask any questions that may help provide better information, the question alone may help me think of something I didn't know I was missing.

Since I am using Unbound DNS with the block lists, I realize I cannot see what pages on a website may be being visited; however, we still would like to do banking and things that make it likely best to keep using HTTPS on the client side.

What kind of traffic might I miss with my current setup of Unbound DNS using hagezi and OISD block lists? Is it easy to visit blocked content without it being logged?

I know there is always a way around anything, but if I can get an idea of if/when that happens then I can address it appropriately.

So, question #2, what may I not be aware of here that will make it harder for me to know if blocked content has been accessed?