How can I block almost all the internet?

My buddy has a PC he wants to have on a strict whitelist. He’s tried OpenDNS, but it’s imperfect, and some sites slip through the categorization. What Windows-based program can block all websites except the ones on a custom whitelist?

Why does he want to do this? Because of his kids?

Block the internet? I always thought it was voluntary.

Whatever the case you might try Zonealarm, it has many features including effective blocking.

I’m about to get my 7 year old a laptop, so I’m curious about this too. Paging Bricker. Paging Bricker.

Don’t forget to buy the accidental damage plan.

Or a Panasonic Toughbook

Or a Panasonic Toughbook with an accidental damage plan.

Try this:

It specifically mentions the use of a custom whitelist to not only allow Internet traffic but also applications from running that use it. You’ll need both. Also, it’s free.

Excellent question! Sometimes in low moments I will look up old boyfriends, and find out more than I wanted to know, for example, seeing a picture of them with a great looking woman. The internet can be great in many ways, and not so great in other ways.

If this is just on Facebook, block them. I blocked my ex-wife, 99% because we have a ton of friends in common and it means I don’t see her commenting on pictures and statuses but it also means that I can’t go and look at her page/pictures even if I want to. Don’t forget that kind of stuff pops up in the strangest places. You can be looking at a website and get to the bottom and it’ll say “10 of your friends like us on Facebook” and I would prefer not to see her (and her new husband) show up. Blocking people prevents that.

But, you say, in a moment of weakness you could just unblock a blocked person, right? Well, yes, but it won’t let you reblock them for 48 hours and after having them blocked for a while it’s really nice and you won’t suddenly want to have them popping up all over the place for the next two days.

Of course, in my case, having my ex-wife showing up all over really made Facebook a miserable experience for me. Blocking her was really a good idea.

Think KISS Principle.

Many of the so-called blocking apps have their own political/religious/whatever agendas attached. You need a simple application where you select what can/cannot be accessed via a web browser.

I cannot vouch for these apps but they might be what you are seeking -

http://websiteblocker.sourceforge.net/
http://getcoldturkey.com/
http://dansguardian.org/

It depends on the level of security you need. There are several ways you could do that on the machine itself but probably anyone who knows enough can get around it.

In Windows XP you can use the ROUTE command to establish the routing table for the computer. You can direct everything to 127.0.0.1 except the whitelisted sites which would go out to the internet adapter. Google WINDOWS ROUTE COMMAND for more information.

For better security I would establish a separate router so the machine user does not have access to it. You can use a router running dd-wrt or use an old computer running pfsense or something similar. This option gives you much greater security than configuring the machine itself.

All this requires some basic knowledge of routers and routing tables.

There are hundreds of different ways to do this.

You can tinker with the computer’s routing table.
See “IP Routing Table” (Microsoft Learn) and “How Can I Modify the Route Table to Block Traffic to an Internet Site?” in “Breaking Unwanted TCP Connections by Modifying Your Route Table” (InformIT).

So if the default entry in the routing table is


Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.10       1

you can change the gateway to a non-used address in the network (like 192.168.1.133) and the packets will be dropped.



ROUTE CHANGE 0.0.0.0 MASK 0.0.0.0 192.168.0.133

which changes the gateway to nonexistent address 192.168.0.133 
and which is equivalent to:

ROUTE DELETE 0.0.0.0
ROUTE ADD 0.0.0.0 MASK 0.0.0.0 192.168.1.133
     destination^      ^mask     ^gateway

Now all outbound traffic will be dropped. Now you can whitelist:


ROUTE ADD 4.2.2.1 MASK 255.255.255.255 192.168.1.1

This correctly sends packets for 4.2.2.1 to the gateway-router while still blocking everything else. Add another line for every host you want to whitelist. Make the routes persistent across restarts or have a BAT file run on restart.

This can be defeated by someone who knows how to edit routing tables and has access to the routing table but should be plenty enough for preteens. If you want to add hurdles you can hide the ROUTE command.

One advantage of this method is that it does not require running any extra software on the machine.
I use this method to block machine access to certain sites. As soon as you start a WINXP box the first thing it does is phone home to MS, always to the same IP. Not any more. Also, Zonealarm firewall prevents certain programs from calling out but who prevents Zonealarm from calling out? The routing table.

For certain software which likes to call home this is a good solution.
If you are trying to block teenagers who can be more savvy a very simple and efficient way is to have a second, restricted LAN with its own router and wifi. This LAN is restricted using that router’s own routing table. Then this LAN uses as gateway the unrestricted (or less restricted) home LAN. I have done this several times and it works well.

If you install dd-wrt or open-wrt in a router then it gives you much more control.

You can also use an old box to run pfsense which is firewall and router.
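The whitelist routing table from the ROUTE post above, generated from a list instead of typed by hand; this is an added example, not part of the original thread. The function name, the /24 LAN mask and the 203.0.113.0/24 entry are assumptions; the gateway addresses and 4.2.2.1 are the ones used in the post.

```python
import ipaddress

def build_route_script(whitelist, real_gw, dead_gw, local_net):
    """Return BAT-file lines: black-hole the default route, then add one
    route via the real gateway for each whitelisted host or CIDR block."""
    net = ipaddress.ip_network(local_net)      # assumed LAN, e.g. a /24
    real = ipaddress.ip_address(real_gw)
    dead = ipaddress.ip_address(dead_gw)
    # A gateway is only usable if it is an address on the local subnet,
    # so catch a mistyped one before it reaches the routing table.
    for label, gw in (("real", real), ("black-hole", dead)):
        if gw not in net:
            raise ValueError(f"{label} gateway {gw} is outside {net}")
    if dead == real:
        raise ValueError("black-hole gateway must differ from the real one")

    lines = ["@echo off", f"ROUTE CHANGE 0.0.0.0 MASK 0.0.0.0 {dead}"]
    seen = set()
    for raw in whitelist:
        entry = raw.split("#", 1)[0].strip()   # tolerate comments and blanks
        if not entry:
            continue
        # A bare address becomes a /32; strict mode rejects entries such as
        # 203.0.113.5/24 whose host bits do not match the mask.
        dest = ipaddress.ip_network(entry, strict=True)
        if dest.version != 4:
            raise ValueError(f"{entry}: only IPv4 routes are generated")
        if dest.prefixlen == 0:
            raise ValueError(f"{entry}: would reopen the default route")
        if dest in seen:                       # skip duplicate entries
            continue
        seen.add(dest)
        lines.append(
            f"ROUTE ADD {dest.network_address} MASK {dest.netmask} {real}")
    return lines

# Constructed sample: 4.2.2.1 is the host from the thread; 203.0.113.0/24 is
# a documentation range standing in for a site's published address block.
SAMPLE_WHITELIST = ["4.2.2.1", "203.0.113.0/24  # example block", "4.2.2.1"]

if __name__ == "__main__":
    print("\n".join(build_route_script(
        SAMPLE_WHITELIST, "192.168.1.1", "192.168.1.133", "192.168.1.0/24")))
```

Routes match on destination address, so a site that changes addresses needs its whole address block listed rather than a single host route.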

More likely, remove the DNS IP address from the network interface and use the HOSTS file to list only the internet names / IP addresses you want to allow. This has the serious drawback of needing to be manually maintained, however.

I do not find that an effective solution because it does not block access to the site if accessed by its IP address.