Can't seem to be able to figure out how to block certain apps from most users on my home network and only give a select few access to these apps, as an ALLOW LIST vs a BLOCK LIST. Block lists are futile on my home network. Now that all OSes have rolling MAC addresses, unless told not to change, IPs are not static. I have cheeky kids and they figured this out, so block rules don’t really work. Taking the device away is the only option I have right now, and I don’t want to do this. If I allow by MAC they are incentivized to not change them.
Apps like Discord, Steam and VPN access of any kind for example are what I am trying to block.
When I tried to do it via firewall rule it seems that I can’t use order to set Allow above Deny; Deny always wins. If I try to use an object rule it seems to block all access for the other apps and only allow what I explicitly asked it to allow.
Is it even possible to create Allow only lists in this fashion?
You should be able to create a blocklist for a particular network, and that will solve the changing MAC addresses, but if any of those devices are using a VPN they will bypass that.
This can be done via DNS using a service such as OpenDNS; it has native categories, or you can add specific sites.
Whatever is providing your DHCP, set the DNS options to provide the DNS server of OpenDNS and then any query will be responded to based on the rules you set. It's great to filter out known phishing sites, gambling, inappropriate content etc., all the sorts of things younger eyes shouldn’t see. You can also block all the common VPN services too, so adding a layer for the clever ones that use a VPN to get around any such restrictions.
We provide a public service at the holiday center and use this service to prevent inappropriate content coming onto the network. Some of the biggest complaints we get are "My VPN doesn't work", "Discord doesn't work", Facebook, X, and even on occasions we get asked to allow adult sites.
Sounds like an ad for OpenDNS, but it's a simple service and works well, and better yet it's free.