 So web filtering is probably one of the more popular P of sense features people have been asking me for now I have a couple opinions on this so you can do different web filtering with different proxies The problem is most sites are moving to SSL or have moved SSL Especially all the major sites and the problem with SSL is you can't see inside the traffic So the filtering is not as easy to do the way I recommend around this is with DNS filtering And maybe I'll do a different video about how you can just block certain websites But of course that's really challenging to maintain. So there's third-party companies for example open DNS Which is part of the umbrella service I believe is owned by Cisco and you can use their DNS and you can do DNS level filtering and that's kind of cool But this company caught my eye they're called DNS thingy and it's kind of a consumer service But it's reasonably priced and we're gonna go over how it works with PF sense I'm really impressed with how well it works. So I had set this up I did some testing at home with it. So I have it registered my personal email. I didn't Didn't reach out to the company. I'm not a paid endorsement at all for this I just kind of thought it was novel and the way it worked in the fact that DNS and a few other routers are supported Visibility where I'm gonna be covering how you load it on PF sense. I'm gonna show you how to load it How set it up and how it works. So let's get started. So first thing we do is get DNS thingy Their price is $7.99 a month your first 30 days are free a supported routers required So they have a clear OS which I haven't used They have a list of ASUS ones that are in here, which are pretty cool So if you have one of these model ASUS ones, it's I believe a replacement firmware is what they do with those But with PF sense choose PF sense 2.3 and Get installation package Nice thing is they made it really really easy to cut and paste this in so we're gonna go ahead and Just copy and paste this normally. I recommend typing in commands, but you know, I'm lazy and we're just gonna do this That's a whole nother topic, but generally you should type in commands instead of doing it this way So I'm just gonna get this right here copy SSH into our PF sense Hopefully, you know how to do that. We're gonna paste it in Done now that part's pretty simple. All this does was add DNS thingy Package to PF sense package list. So we're gonna go ahead and we can log out now So once the package is added we go over here and we're gonna log in a PF sense now Alright now one thing about this is Now that we've done this step two in the installation is Updating it and changing a couple things in here. We have to go to the package manager That's not a problem before we can enable it if you notice down here what they're telling us It's kind of weird, but DNS thingy runs as a service on your PF sense box Which means it one and it wants to run on 443. So you have to change Your PF sense box to be on something other than 443 for administration. So we went over here TCP part and they suggest 20443 use whatever you want, but that's fine. We're gonna go ahead and change this over Hit save All right now we've changed the admin port to 20443 and like I said, that's an important step on here to make sure that you do that So now we're gonna go ahead. Let's get some out of date packages We're gonna go to available packages and we can scroll down here or we can filter for us. We'll just type in DNS There's DNS thingy. We just run the installer confirm and It installs like any other package in PF sense. It's uninstalling. We go over here to DNS thingy Go ahead and enable it leave it on all the network interfaces unless you have some custom thing you wanted to do and We're going to save it Apply the changes Now we got to get our box ID. Now what this is what connects it to your account. So here's the box ID So we're gonna copy this Then we go over to DNS thingy and you go to the section that says router once you're logged in box ID Paste it in and hit add and it shows up here box is not online. It takes a second to synchronize All right now. It's updated and refreshed So one of the things to notice is because this is on our internal network for testing It does notice that we're double-naded, but it doesn't matter because it's gonna start logging things on my side here Now I'm only a computer on this because this runs in my own little lock down virtual network But at least we can start taking a look at things. So The rule sets are pretty much at default, which is block adult content identity that Better safe than sorry block risk of domains and top-level block high-risk top-level domains Block behavioral profiling content marketers third-party advertisers Now I haven't played much with this but they have a virtual relocation rule set And that's a so you can get around restrictions. Maybe country restrictions on viewing content, which some Websites do that like if you're outside the US you can't view certain things because of other kinds of rules I don't know what exactly magic they're doing for this I and I don't have any comparison whether or not it really works but make streaming and downloads fast and force YouTube safe mode and force Search engine safe mode. This is kind of interesting and I won't go for all the adult testing that I did on it But yes, if you try to type in certain phrases, they just don't show up in there because it forces safe search on Every time because it's a DNS redirect to the safe search one thought that was kind of neat that it does that And definitely kind of cool. So now that we've got this enabled Let's I'm gonna open up some stuff on another side over here. So we can get some data into this All right now from the pfSense box you have the link to dashboard.dns thingy Which is your dashboard, which we are here and then the other link down here was my tools dot management And this is the logging Well, I'm not actually allowed to view the logs and I'll show you how that works So the logs are actually local you can't view them outside your network, which is that was kind of strange It's actually wrapping things around into there. So we go over here to devices and We have to find my device and add it to the list now because I had this at my house It has all the different Computers that were at my house on here. So we're actually gonna find my computer in the list here So now that we found my computer in here, which I had to expand out the details So I could find the IP address of my computer and we're gonna go to edit And we're gonna say view all logs Now by default you can't view your logs Until you add yourself to the ability to view the logs, which I thought was just kind of strange But that's how they have it set up So you have to find your computer add the ability to view logs even though the logs are internal and you can do the Who am I to find the logs? This is under the my tools that management and we go over to the main log and Refresh it and now you can see everywhere that my computer is going So it's kind of a strange way they look and like I said my tools that management is being redirected and filtered This doesn't work outside your network. So you can't view it Which is kind of weird is that when I first tried to demo this I thought I was gonna be able to demo by setting up at my house and then testing it here at the office But as it turns out the logs are apparently kept local. So they're doing some Kind of DNS masking to make it look like they're logging all this But these logs are actually being stored within your computer. So I think that's kind of neat the way they're doing it that way But at least you can start following everywhere. I'm going now by doing this and let me see if I can find something to make it block All right, and I went ahead and chose pornhub because why not and this is what actually comes up on the page DNS thingy blocks it Blocked by block ads DNS thing this is what comes up. So if you want to use this to filter bad sites such as pornhub They're dumb just being popular. I figured I'd use them, but you can see how it does now Something else I find interesting is just watching all the DNS look-ups that my system Looks for and some of the other things that it does fail on so last resolver this this and this and blocked content So it's kind of interesting you're watching all the patterns of everything that it's doing so kind of neat the way it works and you can go through later and Examine each one. See it'll log which IP is doing it I'm the only IP on here, but I've tested this at home. It shows all the IPs and all the devices that are In the system and the DNS thingy page is redirected to internally, which is the router So there's also more levels of logging that you can do which is kind of neat. They got a couple other Custom options. I don't know what they all are if I'm read through all the details on that I just wanted to get you started with this tool. It's pretty neat. It works Well, I tried it for just about the whole 30-day trial at my house and it's it's a really simple system You can also manage unblocking things in here So you can do custom blocking you can for your devices in the list that we have under block the bad Let me expand all the details again So I can find my computer in here, but the You can change it to say unfiltered no internet, which is also really neat allow only the good So you can get really restricted down filters And you or you can say this computer doesn't get to have the internet and you can just block it on there Same with the logging whether or not to compute the logs It's pretty neat, especially if you've got kids or little ones that you go You know what? I think I want to filter the internet for them And I want to have control over that or just keep a log of where they're going Definitely something you can do here. So they're actually kind of supporting Using open DNS in the back ends there. They also have some white listing options They have an option to customize it. So if you want to add a custom page into your company We're home to you know, say hey talk to dad if you've seen this or dad's watching you or mom You know, you can make some fun things like that, but this is a pretty simple system. It's only $8 a month. I Think that's well $7.99 a month I don't think that's horrible for DNS filtering and a nice thing about DNS filtering is that it's It's a great way to do it if you're doing it with setting up a bunch of certificates and trust between devices Well, you're for sure coming in or notice is if you have some IOT devices that you may want to lock down That becomes more difficult because they don't accept the Filtering of you know or adding a certificate to them They can only be filtered and locked down via DNS and things like that This would give you that option so you can find all the devices on your network and and see where they're going and check Logs on them and one of the things you may notice here, too. Let me go back to my devices When you're looking at the whole device list, it even has all the phones Emily's phone This is my daughter's friends coming over and things like that. So anything that jumps on my network I can control in there. We had the steam link and Sean's phone just Sean was over So it's kind of interesting to see all the places on it But if you want to lock down a device that gets on your network and say no internet That's actually an option. So you could actually say you know what I don't want them to get internet But I need them to connect to network for something go ahead and check it out. It's a great way to do filtering It's reasonably priced and seems to work really well. I didn't see any easy way around it even changing my DNS I believe it does all the DNS blocking. Yep It does even if you change the DNS on your computer DNS thingy when it installs in PF sense doesn't allow it redirects even when you change to another DNS So it does kind of lock down the system and it's doing this all automatically on there So it's setting up the interfaces and everything. I don't even think it creates any type of firewall rules. Oh, okay Well, actually it does right. Here's the land rules So it forces DNS thingy reject 4 for 3 for ad blocks DNS thingy prevent IPv6 bypass. So yep, they are creating rules at the same time that stop things Stop you from going around the DNS and essentially so like I said real impressed with it. It's good software It seems to work. Well, I didn't really find any issues with it It loads right in a PF sense like I said, it's great So if you like to kind of here like and describe if you're interested in DNS thingy it's dns thingy.com There's not sponsors. So I got no offer codes or anything to hook you up with on it But try it out check them out if you like it Let me know if you have comments or another software you want me to review like this that works with PF sense I'm interested. Thanks