Internet access parental control, by DNS blocking, by domain


#1

To have a kind of parental control for internet access on a Balance 310, the wish is to do domain/url filtering by DNS.

Requirements:

  1. Only allow DNS packets from client to router built in DNS server (no DNS resolving on any other host = firewall block rule)
  2. Have an allow list per client IP, that contains a white list of allowed domain names
  3. Move all allowed resolved IP addresses for that client IP address to a temporary firewall rule (live as long as the TTL of the DNS record), this to block website access by IP (without resolving DNS name).
  4. Have an internal warning page, that is sent back to the end user when he/she tries to access an unallowed page.

Would be nice to have:

  1. Have an option on the warning page to allow the user to continue, despite the block (Soft block mode)
  2. Have an option on the warning page to request the administrator for access to this domain (Hard block mode)
  3. In both soft and hard block modes list these exceptions and give the administrator a one click action to allow or deny the user request for website (domain) access; for example for google.com; [1] Allow www.google.com [2] Allow google.com [3] Deny www.google.com [4] Deny google.com

#2

Good job.Keep it up.


#3

Do you have kids? Do you have a computer? If you have both, I sure your heart will be full of trouble. Because when your kids are using a PC, you’re probably worried about parental software and how much time they spend, and what kind of games they’re playing. Check our site for more details.


#4

I just talked to a customer that has a similar request.

  • Customer has a fleet of vehicles that have MAX-BR1 modems.
  • Customer wants to only allow his workers to go to an approved list of websites (He would prefer to whitelist over blacklist).
  • He would like to be able to maintain this whitelist in Incontrol2, but needs each of his vehicles to have unique SSID’s and passwords.

#5

We use NXFilter to achieve this as Peplink lacks this feature.