Suggestions? Filling in monitoring gaps

Finally got my ipfire in place. I’m forwarding logs via syslog to an internal server and will be bringing them into my personal Splunk instance.

What I’m hoping to do is fill in a bit of some gaps I feel I have with monitoring and protections for my household. The Google Mesh WiFi I have seems to be a bit limited in restrictions to keep my kiddos from getting into content that I’d rather them not.

Parental controls are in place for our Kindle devices, PCs, Game consoles, VR console, Fire TV devices and various accounts within (Netflix, etc.).

However, it gives me some additional peace of mind if I’m able to block content via a firewall that they should otherwise not “stumble” onto.

So - what suggestions do you all have for existing base ipfire configuration, and additional add-ons/extensions that will help fill in those gaps for peace of mind (à la a net-nanny type of control of things at the network layer)?

Thanks much!

Hi,
I also used it for the same reason as you.
I enabled the urlfilter function and classified the sites that were not welcome.

2 Likes

Thanks for the tip! That’s what I was looking for.

Do you have a suggestion on a blacklist provider? Or just use the available auto update from Univ. Toulouse?

There are a few ways to help with “additional peace of mind”. None of them are foolproof and smart kids will find a way around them, especially if they have a cell phone or a cell phone with hotspot capability.

  1. Do this step! It is needed no matter which solution you pick.
    www.ipfire.org - Force clients to use IPFire DNS Server

  2. Set up the IPFire DNS Server with a highly filtered outside DNS server.

    • I do not have a suggestion for this since I do not use one, but there are lots of good suggestions on the internet.
    • I would not use this since it is easier to get around.
  3. Enable URL filter and enable the conventional Proxy (not Transparent).

  4. Enable IP Address Blocklists and add some additional blocks for your kids.

    • This is probably the best way since it uses the IPFire framework with some added work on your part.
  5. Add a pi-hole device.

  6. Implement an RPZ solution.

    • I have been experimenting with this. To me it is easy to add to IPFire.
    • BUT it is not supported by IPFire.
    • I plan to request it be added to IPFire but I am still experimenting with it and I am not ready to submit.
    • Some RPZ info here:
      https://community.ipfire.org/search?q=RPZ%20order%3Alatest

I threw lots of info at you. Sorry for that. Speak up with your questions.

3 Likes
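Added example (not part of the thread and not IPFire code): since the logs are already going to syslog, a small Python check can show which clients still try to reach outside resolvers after step 1 is in place. It assumes logging is enabled on the DNS rule and that lines use the standard Linux netfilter `key=value` format; the `FORWARDFW` prefix, the addresses and the sample lines are constructed.

```python
import re
from collections import Counter

# Assumption: IPFire's own address on the Blue network (constructed value).
IPFIRE_DNS = {"192.168.2.1"}
DNS_PORTS = {"53", "853"}  # plain DNS and DNS-over-TLS

# key=value fields written by the Linux netfilter LOG target
FIELD = re.compile(r"\b(IN|OUT|SRC|DST|PROTO|DPT)=(\S*)")

# Constructed sample syslog lines; "FORWARDFW" is an assumed rule label.
SAMPLE = """\
Jan 10 19:02:11 ipfire kernel: FORWARDFW IN=blue0 OUT=red0 SRC=192.168.2.45 DST=8.8.8.8 LEN=61 PROTO=UDP SPT=40112 DPT=53
Jan 10 19:02:12 ipfire kernel: FORWARDFW IN=blue0 OUT=red0 SRC=192.168.2.45 DST=8.8.8.8 LEN=61 PROTO=UDP SPT=40113 DPT=53
Jan 10 19:05:40 ipfire kernel: FORWARDFW IN=blue0 OUT=red0 SRC=192.168.2.60 DST=1.1.1.1 LEN=60 PROTO=TCP SPT=51844 DPT=853
Jan 10 19:05:41 ipfire kernel: INPUTFW IN=blue0 OUT= SRC=192.168.2.45 DST=192.168.2.1 LEN=58 PROTO=UDP SPT=40200 DPT=53
Jan 10 19:06:02 ipfire kernel: FORWARDFW IN=blue0 OUT=red0 SRC=192.168.2.60 DST=93.184.216.34 LEN=60 PROTO=TCP SPT=51850 DPT=443
Jan 10 19:06:03 ipfire squid[2211]: some unrelated proxy message
"""

def parse(line):
    """Return the netfilter key=value fields of one log line as a dict."""
    return dict(FIELD.findall(line))

def dns_bypass_attempts(lines, resolvers=IPFIRE_DNS):
    """Count, per (client, resolver), DNS packets not aimed at IPFire."""
    hits = Counter()
    for line in lines:
        f = parse(line)
        if f.get("PROTO") not in ("UDP", "TCP"):
            continue  # not a firewall line, or not a DNS transport
        if f.get("DPT") not in DNS_PORTS:
            continue  # some other service
        dst = f.get("DST")
        if dst and dst not in resolvers:
            hits[(f.get("SRC", "?"), dst)] += 1
    return hits

if __name__ == "__main__":
    for (src, dst), n in dns_bypass_attempts(SAMPLE.splitlines()).most_common():
        print(f"{src} tried resolver {dst} {n} time(s)")
```

DNS-over-HTTPS travels on port 443 and will not show up in this count.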

Thanks for this! Great suggestions!

In addition to @jon’s post, half-joking, half-serious :wink:

  1. Be a better alternative to Netflix, games, smartphones…
    Spend more time with your children. Talk to them. Raise awareness. Go for walks often.
    etc.

:wink:

Regards

3 Likes

Yep - we’re already on a well-established tech diet here. Limited hours on devices on the weekends. School days only device time to do homework. Nonetheless, one has stumbled on adult content “by accident” in the past, which is why I’m working to fill in the gaps I have so that it doesn’t happen again.

For the Conventional Proxy piece, I have my Google Mesh network set up on Blue.

My question is, would every device connected to my Google Mesh WiFi need manual Proxy setup (phones, tablets, chromebooks, PCs, etc.) or is there a way to have a WiFi (such as the Google Mesh) utilize the ipfire (Squid) proxy for all connected devices?

Hi,
there is a configuration to do in IPFire to force the use of the proxy.

1 Like