I have to find a way to block porn sites on all browsers through something system-wide like iptables (just an idea)... Is there any way that I can do that?
- If you do this yourself: your list of blocked sites is open-ended so impossible to set up (porn sites pop up faster than you can block them). The better option is to white-list what is acceptable for users to visit. Otherwise you will need to depend on an app for that specific browser or a DNS that blocks it for you – Rinzwind Nov 09 '15 at 14:07
- You don't need to block them yourself, you should use a more sane approach like using OpenDNS category blocks instead. No maintenance and almost impossible to evade (if you know your stuff). – Braiam Nov 09 '15 at 14:08
- I did this myself with my router running dd-wrt and pixelserver. It isn't that difficult. This way you can block porn on your entire LAN network (including advertisements). Just add a porn DNS database. If you just want to block porn on that one PC this isn't for you. Try OpenDNS instead. http://www.howtogeek.com/51477/how-to-remove-advertisements-with-pixelserv-on-dd-wrt/ – Akisame Nov 09 '15 at 14:45
- There is also the question: what is porn? Just an example: Wikipedia uses a data storage which also holds porn (to increase your knowledge / to learn)... however, it is still porn even having the "for educational purpose" doesn't change this fact... (as good as no software blocks Wikipedia) – Dirk Reichel Nov 09 '15 at 18:18
- Your ISP may provide this service. In the UK, I believe they have to by law if you ask for it. – OrangeDog Nov 09 '15 at 19:13
- On a related note - is there one that unblocks it? :) – Vitaly Mijiritsky Nov 09 '15 at 19:54
- @Braiam You mean if you know your stuff and whoever you want to block it from is technically incompetent. I mean worst case the people have to use their phone to look up whatever IP has and then access that directly and we're not even talking about just having a simple VPN set up. The whole idea is a losing battle... or is this just a trick to teach your kids basic networking? In that case, yep I admit not bad. – Voo Nov 09 '15 at 21:52
- @Voo of course, but you would need someone that has the time and resources to evade whatever you put in place. Hint: people don't have the patience to do so. Just with restricting outbounds to ports 80/433, preventing networking manipulation and program installations you would deter 99% of the people. – Braiam Nov 09 '15 at 22:02
- @Braiam I think you're severely underestimating the amount of time and effort teenagers will spend to get to porn :-) I learned more about networking in High school from getting WoW to play on the school network than in any class in university (ok that might be slight hyperbole) – Voo Nov 09 '15 at 22:08
7 Answers
You can also use the service OpenDNS, which limits the name resolution based on the pre-set filters. Compared to the solution proposed for the /etc/hosts file it allows you to not have to constantly update the list. Once you have set your own filters just use OpenDNS as name server. https://www.opendns.com/home-internet-security/

- Additionally, you can do this at router level, covering all devices. It doesn't stop somebody just specifying `8.8.8.8` as their DNS server though. That would bypass this immediately. – Oli Nov 09 '15 at 14:10
- @Oli not at all. Just preventing forwarding of port 53 should be enough. – Braiam Nov 09 '15 at 14:11
- Using a proxy server or proxy chain is best, but you have to subscribe to a blacklist of some sort. – Panther Nov 09 '15 at 14:16
- OpenDNS is awesome, but just make sure you set everything up right, because there's some configuration. – Daniel Nov 09 '15 at 14:22
- @Braiam So use a DNS server on another port. If necessary, set yourself as the DNS server, and proxy DNS requests to a server outside the firewall. – user253751 Nov 10 '15 at 06:03
- @immibis yeah, you know? That seems to be just a pain when I can just go to my house and get internet... – Braiam Nov 10 '15 at 06:58
- I found that OpenDNS Family servers work well. This will globally force all connections to use the DNS server you specify, even if DNS is manually changed under network settings. Here are the steps:
  1. Make sure the package **resolvconf** is installed
  2. `sudo gedit /etc/resolvconf/resolv.conf.d/head`
  3. Append the following (this is applicable to OpenDNS Family): `nameserver 208.67.222.123` `nameserver 208.67.220.123`
  4. Update the `/etc/resolvconf/resolv.conf` file: `sudo resolvconf -u`
  5. Verify update: `gedit /etc/resolv.conf`

  – Aang Dec 03 '15 at 19:49
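
The port 53 restriction discussed in the comments above, as an added example (not code from any poster on this page): it prints iptables rules for a Linux router that forward DNS only to the two OpenDNS Family addresses quoted above. The `br0` interface name and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: print (not apply) iptables rules for a Linux router so that
# LAN clients can reach DNS on port 53 only at the approved filtering resolvers.

# Succeed only if $1 is a dotted-quad IPv4 address with every octet <= 255.
is_ipv4() (
    case $1 in
        *[!0-9.]* | .* | *. | *..*) exit 1 ;;
    esac
    IFS=.
    set -- $1
    [ $# -eq 4 ] || exit 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || exit 1
    done
)

# Usage: dns_lockdown_rules LAN_INTERFACE RESOLVER_IP...
# Validates every argument first, so output is all-or-nothing.
dns_lockdown_rules() (
    [ $# -ge 2 ] || { echo "usage: dns_lockdown_rules LAN_IF RESOLVER_IP..." >&2; exit 1; }
    lan_if=$1
    shift
    case $lan_if in
        '' | *[!A-Za-z0-9_.-]*) echo "bad interface name: $lan_if" >&2; exit 1 ;;
    esac
    for ip in "$@"; do
        is_ipv4 "$ip" || { echo "not an IPv4 address: $ip" >&2; exit 1; }
    done
    for proto in udp tcp; do
        # Forward DNS to each approved resolver ...
        for ip in "$@"; do
            echo "iptables -A FORWARD -i $lan_if -p $proto --dport 53 -d $ip -j ACCEPT"
        done
        # ... and refuse forwarded DNS to any other server, such as 8.8.8.8.
        echo "iptables -A FORWARD -i $lan_if -p $proto --dport 53 -j REJECT"
    done
)

# Resolver addresses as quoted in the comment above; br0 is an assumed LAN bridge name.
dns_lockdown_rules br0 208.67.222.123 208.67.220.123
```

Rule order matters: these rules must be evaluated before any rule that accepts all LAN traffic. As the comments point out, they cover port 53 only.
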
There are several ways to do this:
- Easiest, IMHO, is to use OpenDNS.
  OpenDNS has been asked here:
  Once it is configured you configure it here - https://www.opendns.com/welcome/
  The advantage is that blacklists are then maintained by OpenDNS.
- The second method is to install and configure a proxy server. You can do this with dansguardian, privoxy, or squid to name a few. You then configure iptables to route all traffic through the proxy or proxy chain.
  http://blog.bodhizazen.com/linux/web-content-filtering-made-easy/
  http://blog.bodhizazen.com/linux/how-to-transparent-proxy/
  The disadvantage of this method is that you have to manually update and maintain the blacklist.
  http://www.squidguard.org/blacklists.html or subscribe to a service.
- You can use iptables, but iptables is inefficient, and you again have to manually maintain a blacklist.
- You can use a hosts file. You have to obtain and update the list yourself.
  http://winhelp2002.mvps.org/hosts.htm
  The above link is more for adblock.

The "problem" is that these sites tend to change IP and host names ;)

There's no such thing as "software that blocks porn" -- artificial intelligence is nowhere near up to the job. All you can get is software that blocks websites that someone has blacklisted -- they may be diligently identifying and blocking porn websites, in which case they'll block some (but far from all) porn, or they may be blacklisting their competitors' websites or sites that they object to ideologically.

- Do you have any evidence that blacklists actually exist which are maintained by porn website operators in order to block their competitor's websites? – jwg Nov 10 '15 at 11:06
- Not porn website operators, but Internet censorship companies. And no, I don't have any evidence, because such companies don't publish their blacklists, so they're completely unaccountable for them. – Mike Scott Nov 10 '15 at 11:43
Various software like Net Nanny, etc. can be used. Alternatives to Net Nanny for Linux users may be:
- Pluckeye: http://www.pluckeye.net/
- e2guardian: http://e2guardian.org/
- NxFilter: http://www.nxfilter.org/

Comments:
- DansGuardian is outdated and no longer maintained. Its successor is named e2guardian: http://e2guardian.org/. If you wanted to use DansGuardian, you should use e2guardian instead. – tealhill supports Monica May 10 '17 at 23:00
Every tool and way fights only with the sites existing at the time of creation of that tool, which are already quite many (sadly). No software or black list can predict what is going to appear. So every tool will be a temporary remedy. It is impossible to solve such problems with software.
Find such a tool inside yourself and the people who use the computer.

Try adding an entry to the `/etc/hosts` file. Open up your terminal and type:

```
sudo -H gedit /etc/hosts
```

Add a line for every site you want to block, e.g.

```
127.0.0.1 www.example.com
```

Then save the file. You may need to restart in order for the changes to take effect.
Note: this will block access to the particular host from all software, not only the browsers.
- This doesn't solve what the OP wants - they want complete blocking of certain types of sites, managing that manually is infinitely difficult. – Thomas Ward Nov 09 '15 at 14:04
- @ThomasW. I think if OP does a little bit of research he will find good host files for him. – Marton Nov 09 '15 at 14:09
- @Marton Agreed, however there is a hugely massive list of things - they'd be better off to whitelist things, such as in the firewall, or implement a proxy on their network that all data routes through. Either way, there's headaches. – Thomas Ward Nov 09 '15 at 14:10
You can do this easily by editing the file `/etc/hosts`. Simply add lines for sites you wish to block by referring the site to an IP address of 0.0.0.0, like this:

```
127.0.0.1 localhost
127.0.1.1 mycomputer
# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
0.0.0.0 site.to.block.com
0.0.0.0 another.site.net
```

- This is a "good idea", but like my comments to the other answer, editing this one by one will cause a massive headache and a lot of edits needing to be done regularly. I think they're looking for a parental / content control solution that doesn't need manual intervention. – Thomas Ward Nov 09 '15 at 14:07
- That list is going to be so long it will eat up all your memory when it is getting parsed. – Rinzwind Nov 09 '15 at 14:08
- This is just impractical if it's an entire category of sites. This would be "ok" if it was 10 or 20 sites, but there are just so much porn hosts everywhere. – Braiam Nov 09 '15 at 14:10
- My list is some 15,000 items long. I use this: http://winhelp2002.mvps.org/hosts.htm – chili555 Nov 09 '15 at 14:26
- @bodhi.zazen I am well aware of that. My answer was to demonstrate the method only. As you correctly noted, "You have to obtain and update the list yourself." – chili555 Nov 09 '15 at 15:17
- Consider adding that information to your answer as anyone dl that file for pR0n will be disappointed. Perhaps you have a better hosts file for pR0n ? – Panther Nov 09 '15 at 15:18
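
One way to take the manual editing out of the hosts-file approach, as an added example (not from any of the answers): it regenerates a marked block of `0.0.0.0` entries from a domain list and leaves the rest of the file alone. The marker comments, function names and sample domains are this example's own.

```shell
#!/bin/sh
# Added example: rebuild a marked block of "0.0.0.0 <host>" lines in a hosts
# file from a list of domains, leaving every other line of the file untouched.

BEGIN_MARK='# BEGIN managed blocklist'   # marker text is this example's own
END_MARK='# END managed blocklist'

# Print the valid hostnames from list file $1: lower-cased, unique, sorted.
# Accepts bare domains or hosts-format lines ("0.0.0.0 name", "127.0.0.1 name").
# A name needs at least two labels and an alphabetic start to the last one,
# so "localhost", bare IP addresses and malformed entries are dropped.
clean_domains() {
    tr 'A-Z' 'a-z' < "$1" | tr -d '\r' |
    sed -E -e 's/#.*//' -e 's/^[[:space:]]+//' \
           -e 's/^(0\.0\.0\.0|127\.0\.0\.1)[[:space:]]+//' -e 's/[[:space:]]+$//' |
    grep -E '^([a-z0-9]([a-z0-9-]*[a-z0-9])?\.)+[a-z][a-z0-9-]*[a-z0-9]$' |
    sort -u
}

# Usage: render_hosts HOSTS_FILE DOMAIN_LIST   (new hosts file goes to stdout)
render_hosts() {
    [ -r "$1" ] && [ -r "$2" ] || { echo "unreadable input file" >&2; return 1; }
    # Copy everything except a previously generated block ...
    awk -v b="$BEGIN_MARK" -v e="$END_MARK" '
        $0 == b { skip = 1; next }
        $0 == e { skip = 0; next }
        !skip' "$1"
    # ... then append a freshly generated one.
    echo "$BEGIN_MARK"
    clean_domains "$2" | sed 's/^/0.0.0.0 /'
    echo "$END_MARK"
}

# Constructed demo input; real use would pass /etc/hosts and a downloaded list.
demo_dir=$(mktemp -d)
printf '127.0.0.1 localhost\n' > "$demo_dir/hosts"
printf 'Site.To.Block.com\n0.0.0.0 another.site.net\nnot a host\n' > "$demo_dir/list"
render_hosts "$demo_dir/hosts" "$demo_dir/list"
rm -rf "$demo_dir"
```

Write the output to a temporary file, inspect it, and move it over `/etc/hosts` as root; running it again with an updated list replaces only the marked block.
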