Network Based Parental Controls
At its core, this featureset is a combination of DNS based blacklists and Network based access control. Network based parental controls are less suitable on their own for children who are sophisticated enough to configure their own computers. For children with that level of sophistication, parents will need to use solutions that install on a child’s device that can restrict access.
DNS Based Features
- Content Filtering: This is DNS blocklists, masquerading yet again as a distinct feature.
- App Blocking: Hey guess what? More DNS blocklisting.
- Safe Search: Surprise surprise, DNS plays another role, where some search providers will restrict access to adult content if you add a CNAME to your local DNS server to specified servers.
Network Access Control Features
- Scheduled access: The ability to disallow access to the network and/or specific sites or categories during certain time periods.
Feature Comparison
The chart below compares Firewalla, gl-inet, Circle, Netgear Parental Controls and Bark.
| Feature | Firewalla | gl-inet | Circle Home Plus | Bark Rounter | SPR (Coming soon) |
|---|---|---|---|---|---|
| Safe Search | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ |
| Content Filtering | |||||
| Internet Pause | ✔️ | - | ✔️ | ✔️ | ✔️ |
| Bedtime Rules | ✔️ | - | ✔️ | ✔️ | ✔️ |
| Age Based Filtering | ✔️ | - | ✔️ | - | ✔️ |
| Block Sites/Apps | ✔️ | ✔️ Limited | ✔️ | ✔️ | ✔️ |
| By Category | |||||
| Website History | ✔️ | - | ✔️ | ✔️ | ✔️ |
| Rewards | ✔️ | - | ? | ? | ✔️ |
| Timeout | ✔️ | - | ? | ? | ✔️ |
| Ad Block | ✔️ | ? | ? | ? | ✔️ |
| Activity Alert | ✔️ | - | ? | ✔️ | ✔️ |
| Schedules | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ |
| User Based | ✔️ | - | ✔️ | ✔️ | ✔️ |
Evading Parental Controls
Children with reasonable technical skill can typically evade these restrictions with most routers, especially if they have administrative access to their own devices. Common evasion techniques include:
MAC Address Changing/Spoofing. The ability to change your MAC address on most networks allows you to evade access controls based on profiles setup per device or user. This technique is ineffective on the WiFi Pod as per-device passwords means we know who you are regardless of your MAC address.
Reconfigure DNS Settings. Since most controls are backed via DNS, if a user wants to evade these controls, they will attempt to bypass the blocking DNS server.
VPN/Open Proxy Services. The ability to tunnel IP traffic via another protocol is the hard method to prevent from a network based Parental Control solution. IP / DNS Blacklisting along with blocking common TCP/IP service ports can offer some control, but they tend to be bypassable.
Hack The Router. Kids can obtain a parent's password to the router and make configuration changes. On the WiFi Pod, this is more difficult as you can’t access the administrative interface via a child profile by default.
5G/Hotspots/Neighbors connections. Why even bother with the network when you can just use your cell phone. Network based solutions can’t solve this problem.
Looking for More Advanced DNS Features?
- Check out SPR PLUS. Members get access to domain-name-based firewall policy rules that support regular expressions. The firewall rules can block traffic, transparently redirect it, or send it out through a Site-Based VPN Destination. The firewall rules update dynamically when clients resolve domain names.