The internet is a useful tool, a panoramic vista of useful information, an educational smorgasbord!
Like any real-world place, the internet also has its more dangerous areas and “citizens”, and the reality is that anyone using your connection to the internet will eventually be sought out by pornography even if they do not go looking for it. There is also the very real likelihood that someone else that you permit to use your internet connection might access illicit material which gets traced back to the Internet Service Provider (ISP) account holder: you.
Worse yet you might tick off your neighbour who then uses your internet connection to frame you for a crime which you did not commit.
Why should a Christian avoid pornographic content? – Paul said it in his letter to the Ephesians:
Finally, brethren, whatsoever things are true, whatsoever things are honourable, whatsoever things are just, whatsoever things are pure, whatsoever things are lovely, whatsoever things are of good report; if there be any virtue, and if there be any praise, think on these things. -Philippians 4:8
It is hard to think on pure things while being bombarded with impure images.
So how can you block (most) pornography for as low a cost as possible even on all your devices including friends or family accessing your Wi-Fi without installing anything on the device?
I have a fair idea of what happens on the internet as I’ve been working with computers since before the dawn of the internet and have been involved in computer security for over 30 years with global multinational companies. The approach to computer security that I have developed over those years uses a multi-stage method, like layers on an onion, some of them require a bit of computer skill but with patience anyone who can follow a recipe can do this too by following one of the many HowTo’s on the internet.
The primary methods I use are based on intercepting the way that all internet traffic gets its routes from one place to another; think of it as the internet’s address book.
For example; you type https://theonerds.net/ in your browser because this is human readable – it makes sense to you – your computer looks up the computer readable version of this address using the internet address book called the “Domain Naming System” or “DNS” for short and then feeds the returned bundle of one’s and zero’s as a request to your internet router/modem which then works with other routers on the internet to get your request for content to the required destination.
By intercepting this process of address lookups and substituting a false address we can send unwanted requests into a “black-hole” or an address that internet routers will ignore so they will not pass the request onto the users intended destination. We can stop any device on our network from being able to load any of that material because it simply can’t find a path to it!
OpenDNS is a free service provided by Cisco which also has paid options for corporates or people desiring more historical reporting options. I have configured my router to use OpenDNS because it allows granular filtering when used on your internet router and can also be configured to block malware, botnets and known phishing sites. It truly is a great service and I get all of that for free!
Before you start attempting to make any of the changes listed in this article make sure you read the section titled “I have messed up my router and now can’t get on the internet! Help!”
Simple Porn Blocking
In the simplest configuration, known as “FamilyShield”, OpenDNS does not need an account sign-up or any deep technical knowledge to manage the changes required, merely a minor change to your internet router settings.
The FamilyShield will block most adult sites, proxy servers and phishing sites for all devices on your network including, mobile phones using Wi-Fi, Xbox, PlayStation, PC’s, MacBook’s, tablets etc.
Note: Mobile devices using their own cellular data plan may not be connecting via your Wi-Fi so you will not be able to control what these devices access using this method. You may want to consider an accountability software for those devices you have control over, something like Accountable2You might work for you depending on your device types and budget.
There are detailed instructions on configuring a selection of routers at this link.
Note: Some routers will not allow the end-user to change the provider supplied DNS settings, so an alternative solution is required, I will deal with this in another article. If you have any questions in the mean-time let me know in the comments below.
More Granular Control
If you want more granular control then you will need to create an OpenDNS “Home” account. Setting up a Home account is still free but permits more highly configurable settings.
However, this more advanced option will need the additional step of setting up of some kind of “DNS updater client” software on a Windows or Apple computer on your network which is switched on regularly, or left on, in order to keep the public internet address of your router updated in the OpenDNS database and ensure the custom rules are applied correctly.
This has to be a PC that is secured and under your total control if you don’t want anyone else to be able to circumvent the settings simply by switching off or uninstalling the software.
There is also a detailed HowTo on OpenDNS support forums for configuring a Linux PC here.
Optional Extras
The next, optional, layer in the onion is a bit harder because it will depend entirely on the capabilities of the router that your internet provider has supplied or, if you are a bit more technical maybe you already have bought a real one and you will find this bit fairly trivial.
Every router supplied by an Internet Service Provider (ISP) has a firewall – a piece of software designed to stop other computers from accessing your network while allowing devices on your network to access the internet. Normally, by default, every device on your network will be automatically “trusted” to access any content/protocol it requests.
This requires configuring the firewall on the router so it only trusts DNS requests to the OpenDNS servers. This will stop anybody bypassing your settings by manually using other DNS servers from their device.
Anyone attempting to bypass your settings will most likely try to use Google DNS servers so here is a link to an article showing a method to block these specific DNS servers – on one model of router, you may have to spend some time looking on the internet for a tutorial on your specific brand of router.
Block These Addresses On Your Router Firewall
- The Google Public DNS IP addresses (IPv4) are as follows: 8.8.8.8 and 8.8.4.4
- The Google Public DNS IPv6 addresses are as follows: 2001:4860:4860::8888 and 2001:4860:4860::8844
Learn This Skill – Your Family Needs It
Read up on the DNS protocol, what it is and how it works. It is not rocket science and you may give yourself a new skill and find yourself in demand with all your friends and family! But if you do get stuck, I’m here to help using the comments below.
Try a free computer networking course by online academies like edX, Udemy, Coursera, Cisco or Alison
Hard Stuff – Do Try This At Home
Ideally you need to configure your firewall to block all outgoing traffic from inside your network on port 53 using both UDP and TCP protocols to all addresses, this forces every device to use your router for DNS which, since it is configured to use OpenDNS, forces them to use OpenDNS and so secures and protects your home network.
However I should note that if someone is this determined to try these steps get access to stuff you are blocking then it’s likely that they will be able to figure a way around even this setting, so it’s really not a necessary step but at least will stop most people who are too lazy to spend the time searching the internet for solutions to the problem you have set them!
I Have Messed Up My Router And Now Can’t Get On The Internet! Help!
Remember that if you totally mess up the settings on your router and can no longer access the internet there is always the option to reset it to defaults – which should restore the configuration it had when you got it. This is normally achieved by pressing a recessed button marked “reset” with a paper clip for 5 or 10 seconds.
Note: This is something which is pretty easy to find out and anyone could do this to your router so you should really put it out of reach of children and consider changing the default Wi-Fi and administrator passwords so that, when your connection to the Wi-Fi fails, you will know straight away if the router has been reset without your approval!
Before you take any of the actions listed in this article, I suggest locating the instructions on how to reset your specific router make and model and confirming with your Internet Service Provider (ISP) that it will restore your router to the way you got it from them. – Test it too!
Alternatively, you could purchase a different internet router and get the settings working on it, switching back to your ISP supplied router whenever you need to. Cisco do small office/home office routers, as do Asus, NetGear and many others.
I’m Very Nervous About Doing This. What Should I Do?
I understand that the idea of making these changes could make a person very nervous, especially if you work from home and cannot afford to have your internet access offline for even a short time while you muddle through self-help articles on router configuration!
If you have this level of dependency on your internet router then I recommend you engage an IT professional in this process – show them the article and tell them what you want to do, any experienced IT professional should be able to do this for you in less than 30 minutes if your router supports the settings.