Kasperian Moving Parts

kinda like batman, but with a wife and 3 kids

Looking for: Parental Controls Virtual Machine (or something)


Dear Lazyweb,

Having paid a decent amount of money yearly to Linksys for their nice little Parental Controls feature which ties in really well with my WRT54GS wireless router, I am surprised and dismayed to find that Linksys is no longer going to allow me to do so. They’re discontinuing their Parental Controls feature (a site-wide proxy, if you will) and have no replacement product. And having looked for the same service available from anyone/anywhere else, I am also shocked and dismayed to find that I can’t locate a viable replacement for said service.

So, dear reader, if you happen to know of a good product/service that allows multiple logins per site (home) and configurable levels of allow/blocking, and doesn’t cost more than $60 per annum, please tell me.

My next thought is in building out a Virtual Machine (dang I love VMware!) with Ubuntu CE installed and configured that I’d eventually publish on the virtual appliance site thingey. Maybe there’s someone who’s beaten me to this already?


Author: Jason 'vanRijn' Kasper

My name is Jason 'vanRijn' Kasper. I am the ring leader of the amazing Kasper family. I am unashamedly a Christian Geek. These are our stories....


  1. Squid + dansguardian will do this if you give it some kind of authentication backend. Ldap is a good choice and you can also get samba etc to authenticate against it. This will allow you to set different levels of naughtiness for each account.

  2. I haven’t used it, but I think this little device might be useful:


    Plus, I think it runs linux. :)

  3. Pingback: Looking for: Parental Controls Virtual Machine (or something) …

  4. Not sure if its what your after, but the new mandriva 2008.1 has a ‘Parental Controls’ option in the security part of its control centre. This allows blocking of sites, allowing certain users to work unblocked and analysis of a site to determin if its allowed based on keywords.

    Under the hood it uses squid/dansguardian, but the control centre makes if very easy to set up. Im using it on the kids machine to block sites by keyword, and specifically added youtube.com to the blacklist.

  5. Have you heard of Glubble? (http://www.glubble.com)

    It’s made by the company I work for, and it’s a pretty nice piece of free software.

  6. Hi Jason,

    Some time ago I did the QA for these guys:


    Not to sound like an ad or something (I don’t even work there anymore), but I remember their web-filtering SoHo routers and appliances were top-notch. Definitely worth having a look.

  7. I have no experience with it, but maybe you can use it.


  8. try the iboss parental control. Ive been using it for over a year and its what your looking for. I was in the same boat when my WRT would not renew. it actually better than open DNS since you cant bypass it by changing your DNS (believe me, most teens figured this out, just google it! :) ) about $60/yr but not per comp. Runs linux in the router like the orig. version of the WRT.

  9. @KatieS

    blocking port 53 on the router is the key. This will reject all network requests for DNS. If they want to resolve host names, they will have to keep the default DNS.

    If you want to take a step further, look into linksys routers enhanced with open-source firmware such as dd-wrt.

  10. I agree Thore but what I found is that teens are way more savy than we think. Mine googled all the ways around. I showed my teen your response, this is what he says “fine, we would just use a proxy site and/or go to the domain direct, using the IP address” again, this is why opendns would not work very well. direct access and proxies are everywhere. u have to be able to at least try to block these request and have a history of the attempts even if you do not catch them all. this way if they get away 10 times but get blocked once and you are aware of it, you can address the issue rather than never knowing and being in the dark.

  11. Hey guys!! Thanks so much for the info!!

    @Sean Harmer: Yeah, that’s actually what I ended up setting up. I already had Squid set up (trivial), so I just downloaded dansguardian and plugged it into Squid. I didn’t see how to set up per-user restrictions though. Have you done this successfully? To me it looked like there was an authentication piece and then also a filtering piece and the two weren’t related…

    @miguel: That is a cool-looking little device! But that’s a per-machine solution that isn’t for me. I need a whole-house solution.

    @Adam Pigg: Yeah, the Ubuntu CE disk has a similar thing. Pretty cool, really! The only problem is that it’s again a per-client/computer solution and not a per-house/gateway/router solution.

    @Paul Gideon Dann: Wow! That looks really cool!! I had no idea that was out there! It looks geared more for kids, tho, and again is a per-PC solution. Still, I’ll have to check that out some more.

    @tecnocratus: Hey, that’s cool too! Yeah, I found a couple of hardware solutions, but they all look more expensive than the one that was built into the WRT54GS. I think I’m leaning more towards either a standalone VM that’ll run Squid/dansguardian/something or just having my ancient downstairs computer that’s always on anyway as a file server do this for me.

    @Thore: Hey! Yeah, actually, I’m using opendns already. It’s pretty cool! However, it doesn’t do content filtering like other Parental Control solutions. I do like using it, tho, and think I’ll still do so with whatever content filter I end up with. =:)

    @dim: Wow, cool! I had no idea that existed! =:) Thanks!

    @KatieS: Yesss! I think that’s what I’m looking for! Thank you! So… I don’t see any screenshots on the iBoss pages… is it pretty close to being the same as the WRT54GS Parental Controls interface?

    Thanks again everyone!! =:)

  12. Hi,

    it is more squid that provides the ACL support. Take a look at the man page for squid_ldap_group e.g. http://linux.die.net/man/8/squid_ldap_group for examples and info. I think that there are other auth backends that can also tie into squid ACLs too.

    The squid ACL FAQ is here: http://wiki.squid-cache.org/SquidFaq/SquidAcl

    Dans Guardian can be quite finely tuned by (un)commenting the various filter options in /etc/dansguardian/* and subdirs.


Leave a Reply

Required fields are marked *.