Parental control and ad blocking, will it ever happen?

Started by mucflyer, May 31, 2018, 06:27:55 PM

Hi All
OPNsense looks cool, very promising. Only two things I'm really missing. Ad blocking done the easy way, by implementing a blacklist, without playing with proxy, rules etc.
And second, even more important - parental control. I would like to limit Internet usage to, for example, 4 hours per day. And disable the network between, let's say, 8PM and 6AM.

Will it even be possible?

You can use firewall schedules to make a rule only available at certain time ranges - no problem. But what's the problem with the proxy? It's working pretty well.

Not sure right now, I think I was struggling with transparent proxy and https, due to there being no option to install a replacement certificate on local machines and mobile phones. But maybe I will come back to OPNsense and try this again. pfblockerng is easier and works for both http and https without additional work on local machines.


This looks good indeed.
Any chance to have an Internet budget in the future (to allow, let's say, only 4 hours / PC / day)?

Quote from: franco on June 01, 2018, 08:14:20 AM
> Parental control and ad blocking, will it ever happen?

It happened.

https://docs.opnsense.org/manual/how-tos/proxywebfilter.html


Cheers,
Franco

Correct me if I'm wrong, but this will restrict access for all devices. This is definitely not parental control. Parental control means implementing access restrictions based on MAC address and, ideally, different rules for each MAC. I have two kids, 7 yro and 14 yro. I definitely can't apply the same restrictions to both. And I don't want any restrictions for me and my wife. And that's only part one of parental control. The second part is internet budget.

You probably want to use a user-based ACL, which the proxy is capable of handling. I am just not sure if that works via the GUI.

I'm using a simple ad blocker as described here. I edited the list slightly as my wife finds the Google ad links are sometimes useful, especially when shopping. :)

https://devinstechblog.com/

OPNsense 24.7 - Qotom Q355G4 - ISP - Squirrel 1Gbps.

Team Rebellion Member

Quick note on my message above, if you do edit the list, remember to restart Unbound and you may also need to do a flushdns on your devices.

Quote from: marjohn56 on June 07, 2018, 07:02:59 PM
> I'm using a simple ad blocker as described here. I edited the list slightly as my wife finds the Google ad links are sometimes useful, especially when shopping. :)
>
> https://devinstechblog.com/

How is this linked to a specific MAC?

Quote from: fabian on June 07, 2018, 06:03:11 PM
> You probably want to use a user-based ACL, which the proxy is capable of handling. I am just not sure if that works via the GUI.

Yeah, good luck with that on Android. I can enter a proxy and a port, but that's as far as it goes. No user/pass there. But that would be the wrong approach anyway. The norm is a transparent proxy with MAC-based restrictions.

Quote from: mdcclxv on June 07, 2018, 08:02:54 PM
> Quote from: marjohn56 on June 07, 2018, 07:02:59 PM
> > I'm using a simple ad blocker as described here. I edited the list slightly as my wife finds the Google ad links are sometimes useful, especially when shopping. :)
> >
> > https://devinstechblog.com/
>
> How is this linked to a specific MAC?

It's not, I missed your bit about the MAC address.

IMHO it must be a mix of captive portal with the currently missing limit per user and something like OpenDNS FamilyShield.

June 08, 2018, 02:43:06 PM #13 Last Edit: June 08, 2018, 03:02:15 PM by marjohn56
Or MAC filtering on a schedule or a VLAN on a schedule. Fixed IP and no DHCP on the VLAN.

Forgot to add that MAC address filtering is pretty easy to bypass.

I guess that for your kids an approach based on a "hotel" setup, using vouchers, would be a better fit, at least for internet time budgeting.

For the web filtering, I would set a static lease for each PC so that I'd be sure the PCs would always have the same IP, and set appropriate filtering in proxy for each IP, accordingly and respectively. Of course, your kids should not have admin rights on their PC logon users (to not be able to manually change the IP on PCs).
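
The per-IP filtering described in the last post, combined with the 8PM to 6AM cut-off from the opening post, written as a generic squid.conf fragment. This is an added example, not part of the thread and not configuration generated by OPNsense; the IP addresses and blacklist file paths are hypothetical.

```conf
# Added example: generic squid.conf fragment, not from the thread.
# All addresses and file paths below are hypothetical.

# One ACL per device, matching the static DHCP lease given to each PC.
acl child_7  src 192.168.1.51/32
acl child_14 src 192.168.1.52/32
acl lan      src 192.168.1.0/24

# A Squid time ACL cannot cross midnight (start must be earlier than end),
# so the 8PM-6AM window is split into two ACLs. SMTWHFA = all seven days.
acl night_late  time SMTWHFA 20:00-23:59
acl night_early time SMTWHFA 00:00-06:00

# A separate blacklist per child, one domain per line in each file.
acl block_child_7  dstdomain "/usr/local/etc/squid/block_child_7.txt"
acl block_child_14 dstdomain "/usr/local/etc/squid/block_child_14.txt"

# http_access rules are evaluated top to bottom; the first match wins.
# ACLs on one line are ANDed, so each deny applies to one device only.
http_access deny child_7  night_late
http_access deny child_7  night_early
http_access deny child_14 night_late
http_access deny child_14 night_early
http_access deny child_7  block_child_7
http_access deny child_14 block_child_14

# Every other LAN address (the parents' devices) is unrestricted.
http_access allow lan
http_access deny all
```

These ACLs match on source IP only, so they hold only as long as each device keeps its leased address, which is why the post above insists on no admin rights for the kids. A cumulative daily budget such as 4 hours per PC cannot be expressed with time ACLs, which only describe fixed clock windows.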