Kid Friendly Restrictive Software

[Zarathustra[H]]

Hey all,

So for a few years now, I've been using K9 Web Protection for my stepson. It is OK, but is kind of a clunky solution.

The kid is also starting to get a little older. He is 12 now. I don't want to be too restrictive, but he has demonstrated that he still needs something to keep him in line, and I can't be there looking over his shoulder at all times.

Are there any better alternatives you guys use? Windows used to have something built in, but these days they have made it overly complicated to set up, and it requires the use of a Microsoft account, which I don't do.

Any suggestions?

 

[Monkey34]

I used to use Norton Family and it worked good, but it's been a number of years, so I'm not sure how it currently is.

 

[Monkey34]

I just remembered this option as well: https://www.opendns.com/home-internet-security/

 

[Tremololo]

I just remembered this option as well: https://www.opendns.com/home-internet-security/

Sounds well, but seems promoting.

 

[kenn]

excellent! I was also looking for this solution

 

[ThatITGuy]

I have used OpenDNS and would recommend it. I think my ASUS Router (merlin firmware) had the ability to automatically route traffic to openDNS (and i think by client/MAC, because i could do it for only certain machines).
It had a default "protection" that would block known sites. I could also add other sites manually. You can also pull up a list of domains they visited, so you can see they were actually on Youtube or paper.io when they said they had said they HAD to use the computer for their homework.
Just gotta watch out when they learn about VPNs.

 

[Zarathustra[H]]

Well,

Blue Coat Software was sold to Symantec, and since Symantec wanted you to pay for their service, not get anything for free they discontinued K9 in April of 2019. I was too busy elsewhere and never noticed. it does explain why the filters were pretty bad near the end.

I looked around for an alternative but couldn't find anything I really liked, so I went with a two pronged approach.

First I set up a dedicated VLAN on a separate subnet for my stepson.

Then I configured that VLAN to use the free version of OpenDNS as suggested by ThatITGuy above. Tro prevent any circumvention I have been trying to block all other DNS servers, and allow only the OpenDNS ones, but that isn't working for some reason. It just kills all DNS. I've double checked my settings and firewall order, (one allow rule for each IP followed by a block rule for all on port 53) and it still doesn't work, resulting in loss of all DNS. Next I am going to try rerouting all requests on ports 53 and 853 to those DNS servers. That should do the trick I hope.

To enforce time restrictions, I have programmed my own cron rules on my pfSense router. It brings down the interface assigned to the VLAN for his subnet at off time, and brings it back up again in the morning using "ifconfig <interface> down/up" commands. This seems to work exactly as intended.

This doesn't restrict any late night sneaking (while we are sleeping) to play offline games, but it seems his only interest is online games and streaming anyway, so that doesn't seem to matter much.

Figured I'd share my update just in case it gives anyone else any ideas.