IPFire & Netgear D7000 Router/Modem Combo

Good morning everyone, new here and would like a little advice.

I have a Netgear D7000 modem/router combo and whilst it does the job I want, it doesn’t Adblock or even let me block https websites (the majority of the web) outright or on a timed basis. I was running Pihole but I needed something a little more advanced and started looking at firewall software.

Came across pfSense but after watching a few YouTube videos it looks a little too advanced and complicated to set up, so continued on with my search and have come across IPFire, which seems pretty ideal, so my questions:

1 - Will I be able to block websites outright, on a timed basis or per device? (mostly for myself for motivation and cut out porn)
2 - Can I adblock or would it be easier to just continue with a Pihole for the ad blocking?
3 - I know my router/modem combo has a firewall and will create double NAT, which isn’t ideal, but according to Netgear forums I can just create a rule in the firewall to let all traffic through regardless, so effectively it switches off the firewall in a sense and then I use another firewall to do the filtering.

Ideally I am trying to use as little equipment as possible and not over-complicate my setup by just using the modem/router/wifi combo and having something attached to do all the filtering, blocking etc. Is this possible?


Hi @electricwildflower

Welcome to the IPFire community.

You can switch off the whole routing/firewall function of the D7000 and make it into a plain modem.

This way you won’t have double NAT, which makes everything much simpler.

IPFire does have a URL Filter function. However, this only works with HTTP.

HTTPS is encrypted and therefore the only thing that can be seen is the IP address being used. The details of the specific page etc. on a website cannot be identified.

To do that IPFire would have to act as a Man In The Middle and decrypt the traffic, filter it and then re-encrypt it before sending it to the PCs on your LAN. To stop your browser flagging the HTTPS traffic as dangerous because it doesn’t recognise the certificate, the IPFire certificate authority (CA) that was used to create the new HTTPS certificate would have to be loaded on every PC in your LAN to say the traffic was trusted.
IPFire does not provide the capability to open up all encrypted traffic and then re-encrypt it to send it on.

There is the IP Address Blocklist function but that is formulated to deal with security type attacks on your network. Also, at IP level it might block sections of websites that you are interested in.

Other people on the forum are using pihole for various reasons although there can be challenges to using that in combination with the IPFire unbound DNS server system.
You can do a search on the forum for pihole. There were 50+ topic threads returned with pihole as the search term.
I am sure there will be people on the forum willing and able to help you with advice on that topic.


Hello everyone, I have the same setup and am just getting started, but my R7000 is flashed with Tomato firmware instead of the stock Netgear firmware. As of now, I am just starting to read about how to put things together. More to come.