Need to block bad websites via the router

[Smith6612]

So to answer some of the questions regarding filtering for websites...

 

1: Linksys's firmware is garbage, and half baked. It has been for a decade or so. The IPv6 settings are extremely limited, and as a result there isn't a way to specify different DNS Servers from the ones provided by the ISP. Only solution here is to set them at a device level, change the firmware on the router to something Open Source like OpenWRT, or, disable IPv6 all together (the unfortunate solution).

 

2: Chromebooks have Google DNS hardcoded into them, and they may also have enabled Secure DNS / Private DNS. This turns on DNS over TLS, and will cause the device to ignore any network DNS Servers presented by the router.

 

3: My preferred DNS providers for filtering are NextDNS and OpenDNS. I've had difficulties with OpenDNS in the recent past with causing iOS and Android TV devices to randomly lose DNS Connectivity during the day, but the IPv4 filter lists are pretty robust. You can customize the filtering or, simply use the OpenDNS Family Shield servers for a pre-defined list. Alternatively, stand up something like PiHole and use that.

 

4: Linksys doesn't provide the ability to do DNAT Redirection of DNS traffic to the specified nameservers or to block DNS over TLS in the firewall. Again, need open source firmware to do something like this with IPTables.

 

[Donut417]

On 2/26/2023 at 6:19 PM, RevGAM said:

Then what is IPv6 used for?

We have exhausted all our IPv4 addresses that can be used on the internet. IPv6 was suppose to be the solution. IPv6 has more than enough IP's that every one could have an internet routable IP address for all their devices. More and more ISP's have started dual stacking addresses. Some ISP's use CGNAT on IPv4 and provide a real IPv6 addresses as they ran out of IPv4 addresses. The biggest reason I think we haven't switched over all the way is because sooooo many things rely on IPv4 and until we can end out reliance on IPv4 we wont be able to kill it off. 

[iNeedy]

On 2/6/2023 at 5:45 PM, RevGAM said:

 This is to keep my kids out of danger.

Edit: on a serious note, school chromebooks are NOT gonna let your kids be in danger. It is more like a daycare than an actual computer.

 

[RevGAM]

8 minutes ago, iNeedy said:

Edit: on a serious note, school chromebooks are NOT gonna let your kids be in danger. It is more like a daycare than an actual computer.

 

I'm referring to the abuse of YouTube a bit, but mostly to the fact that malware can be introduced onto a Chromebook via a shared network. That's what happened to us. 

[iNeedy]

52 minutes ago, RevGAM said:

I'm referring to the abuse of YouTube a bit, but mostly to the fact that malware can be introduced onto a Chromebook via a shared network. That's what happened to us. 

Malware and Chromebooks literally don't go together. That is like trying to infect a rock with malaria.