A great option for Home web filtering

This forum contains discussions related to keeping families and individuals safe while making use of technology. Acceptable topics would range from how to protect families from Internet predators and online pornography, monitoring and protecting cell phone usage and text messaging, locking unwanted television and movies from various devices, protecting and monitoring computer game usage, and promoting safe Internet and technology use.
Post Reply
New Member
Posts: 27
Joined: Sat Oct 02, 2010 4:50 pm
Location: US

A great option for Home web filtering


Post by skiddlyarcus »

Here is an outline for a very powerful home filtering system.

I have been wanting equipment in my home to provide the following:
  • Track all web sites that have been visited and provide reports for each computer in the house (reports should be available via email or a web page)
  • Allow me to block or allow sites by category
  • Allow me to block or allow sites by name
  • Allow me to specify the specific times and days of the week that a device is allowed online or blocked (e.g. Mom’s computer can be online 24x7 but the kids’ computer and ipods are blocked at bedtime)
  • Works for both wired and wireless computers
  • Works for all computers on my network
  • Is very difficult for the kids to bypass … even the technically savvy wiz kid in the house.

I’ve found a solution that meets all of these requirements. I had expected to pay for this level of service, but it is possible to implement this at no cost using an open source software appliance named untangle (www.untangle.com).

Best of all, untangle gives a number of advanced features in addition to what I want. It’s available for sale for schools, businesses, and other uses. If you find it helpful for you, please recommend it where you can so Untangle.com can continue to provide the free version of the software.

Required equipment:
  1. 1 old computer (see details at http://wiki.untangle.com/index.php/Hard ... quirements). Basically, you want something that was purchased after about 2004. It could be an older computer that you don’t use much any more. You want it to have reliable hardware, but it doesn’t matter if Windows has been running very slowly for a while.
  2. Another option is to purchase hardware from untangle. It’s more expensive, but pre-configured and comes with phone support to help you get going. (http://store.untangle.com/index.php/unt ... iance.html)
  3. Untangle Lite package (download from http://www.untangle.com/Lite-Package and burn it to a CD for installation
  4. 1 additional network card for the computer
  5. Optional: another additional network card if you want separation of your wired network and wireless network

Basic Setup - http://www.untangle.com/pdf/Download_QuickStart.pdf: Configure the firewall - http://wiki.untangle.com/index.php/Initial_Setup
  • set up the internet connection on external interface
  • set up the internal interface
  • enable dhcp
  • name all the PCs in your network and give them an address
  • dns (use open dns)
Configure additional features: http://wiki.untangle.com/index.php/Init ... _Questions
http://wiki.untangle.com/index.php/Unta ... %27s_Guide
  • set up web filter
  • set up the captive portal
  • set up reporting
(I haven't listed a lot of detail on how to set this up ... the untangle site has a lot of good information about that. If there is a lot of interest, I can expand this post).

The trick to getting a free "time based" filter is the captive portal (http://wiki.untangle.com/index.php/Captive_Portal). (Captive portal is what you see at many wifi hotspots - when you connect, you have to accept an agreement or give a credit card number).

What I've done is to require the captive portal for specific computers in the house. For example, the captive portal isn't required during the times after school when kids need internet to do homework. But, at 8:00 (bedtime), the captive portal takes over and requests a user name and password to allow internet access (only on the kid computer and ipod). I have an account set up for each of the kids, but they don't have the password. If they have a reason to be online, I'll tell them what the password is and they can quickly get online. Then, I'll change the password the next day or whenever I have time.

There is a better option - purchase the untangle policy module. But for my needs, the free captive portal option works - all I have to do is manage the passwords. I've found it to be a good way to help monitor the kids internet usage when they ask me for the password.

This system has great reports (http://wiki.untangle.com/index.php/Reports)
It tells me every site visited by each computer so I can see exactly what any given computer has connected to.

It's also possible to do detailed blocking such as allowing web site access while blocking instant messaging ... this sort of thing requires some technical configuration, but it's possible to do.
New Member
Posts: 11
Joined: Sun Mar 07, 2010 10:51 am
Location: Rexburg, Madison, Idaho, United States

Typical settings


Post by kc7qwh »

I would love to have more information about how to set up Untangle. Going through the setup with "typical settings" is quite helpful for me as I have limited understanding of what some settings do.
Is it possible to set up individual web filtering for each member of the family?
Thank you for this post.
New Member
Posts: 27
Joined: Sat Oct 02, 2010 4:50 pm
Location: US

Re: A great option for Home web filtering


Post by skiddlyarcus »

Yes - it is possible, but not easy ...

Untangle has a pay-for option called the "policy module" that would allow you to set up different filtering options for each person/computer. With the *easy* setup, it would apply to a computer. But it is possible to set it up with a captive portal that would make it assigned by each person.

I haven't done that, so I don't have exact instructions.

What I have done is use the captive portal to ground my kids ... when one of them was surfing instead of doing homework, I changed the captive portal password for that computer and they had to come get a parent to allow them to go online.

On a similar option, I downloaded Sophos UTM - free family edition yesterday. That may have an option to allow different filtering per person. I haven't gone through it all yet, but so far I like it better than untangle for home use ... mostly because it has a lot more next generation firewall features.
New Member
Posts: 27
Joined: Sat Oct 02, 2010 4:50 pm
Location: US

Re: A great option for Home web filtering


Post by skiddlyarcus »

I spend a few hours poking around Sophos UTM Home Edition (http://www.sophos.com/en-us/products/fr ... ition.aspx). It's easily the most powerful home internet filter I've seen. The fact that it's free has made me bring up the sophos products at work in order to support the company.

The sophos web page gives high level overview of what it's capable of. In short, it provides a series of categories that you can configure to block web pages. For example, you can block "nudity" and allow "weapons". In addition, it allows you to automatically configure safesearch options from google, bing, and yahoo.

Another interesting option in that it can integrate with youtube for schools. I haven't tried to obtain a youtube school ID, but if I understand correctly, it locks down youtube to only educational videos.

Their is a sophisticated set of web filtering policies that would allow different policies to be applied to different machines. So, for example, you could configure the Wii to only connect to the nintendo web sites. iPods can be restricted from "lifestyle" web pages, etc.

Using this sort of filter isn't easy to set up - you'd have to plan out your devices and configure the network for each device (or it looks like you could force each person to sign in before they can browse web pages). If you are highly technical, there are more options still.

So, if you need more detailed configuration than opendns, this is a very good option. If you need simple, go with opendns.com (and be sure to install and use your network configuration application so it keeps working).
Senior Member
Posts: 773
Joined: Tue Jan 23, 2007 2:03 pm

Re: A great option for Home web filtering


Post by JamesAnderson »

A good option for Youtube is now K9 Web Protection, while this has been discussed here before, the Youtube filtering feature is new.

Now they are able to for the most part filter based on video metadata and maybe even descriptions. You can submit video URLs that it does not catch, as I suspect that because the feature is new, it may miss things on occasion, but the system will learn from user input via these submissions.

K9 is also very nearly ironclad on many bad categories, particularly when it comes to malware and pornography. A few problems do remain, such as fake pharmacy sites, which are often missed by most filters because they look so much like legitimate health and major pharmacy store sites. A recent trend in scamming is the fake news site, and these typically spam out either work-at-home scams and other types of health scams. They will look a lot like a local news site, with many visual elements pilfered from the Because of how they lift images (usually copyright infringement is involved), filters also don't catch them due to how the pilfered images are laid out, and you have to submit the URL with a description of the issue to the filter to get it rated properly. Regardless of which filter is used, you'll need to submit the URL manually to the filter's rating team, to ensure it gets rated properly when it comes to those two types of sites.

But this doesn't detract from K9/Blue Coat's quality. In fact, a peer-reviewed study done independently showed Blue Coat Web Filter came out on top. Websense? They came in second to last in the same test.
User avatar
Posts: 115
Joined: Sun Dec 26, 2010 9:49 am
Location: Olathe, Kansas

Re: A great option for Home web filtering


Post by jkentner »

I like to use a multi-level approach. I use Windows Live Family Safety (familysafety.live.com) formerly part of the Windows Live Essentials package. It is free. I can control everything remotely via the internet. I can control time of the day they can be on, certain amount of time per day, website filtering, etc.

The second level is OpenDNS (free, opendns.org). This is the catch all for devices like smartphones and tablets. You set your router to use OpenDNS's DNS servers.

Thirdly, I use my router to restrict the IP address ranges of the non-Windows pc devices. This takes away the temptation for using those devices at night with out mom and dad knowing.

When comes to smart phones with 3G/4G that is a different story. Luckily my kids haven't gotten to that age yet to cross that bridge. I will probably use the providers parental controls in that case.
New Member
Posts: 9
Joined: Fri Nov 09, 2012 2:47 am

Re: A great option for Home web filtering


Post by Etechnology »

Really got some good info.Gained a lot from this post.Thanks a lot.
New Member
Posts: 44
Joined: Sun Feb 05, 2012 7:25 pm

Re: A great option for Home web filtering


Post by moonman239 »

Have you looked at what your router offers?

Edit: Have you also looked at what your ISP offers?
New Member
Posts: 27
Joined: Sat Oct 02, 2010 4:50 pm
Location: US

Re: A great option for Home web filtering


Post by skiddlyarcus »

Most ISPs in the US do not perform any filtering.

For an ISP, it's a high cost technology that would generate a lot of complaints. If they offer the service, the families that want filtering would complain if they make a mistake. The customers who want to see porn/nudity would complain if they are blocked.

Just to give an idea of the cost, a company of about 8000 employees could pay over $200k US/year for a Websense subscription to provide the list of sites that should be filtered. Other providers such as Bluecoat are at a similar price level. An ISP with several hundred thousand customers would have a much higher cost.
New Member
Posts: 23
Joined: Sun Nov 24, 2013 12:36 pm
Location: Kennewick, WA

Re: A great option for Home web filtering


Post by pcardelli »

For the 3G/4G on iPhone, iPad, iPod with iOS 7 and newer OS, you can use the Restrictions Settings to limit some of the content including the ability to install apps, web content and more.

For Android it really depends on the device, but their are similar options. Hopefully with newer versions there will be additional options. Most of all we need to train our families and understand who to talk to and what to do when they see inappropriate content. We can only control so much, you would be amazed at the number of young kids with mobile devices on school busses these days.
Post Reply

Return to “Family Safety with Technology”