What do you use for URL and keyword blocking?

Today I trekked down to the local Fry’s and picked up a couple of items I’ve been wanting and needing.  The first item was the Netgear FVS318 ProSafe VPN Firewall.  On paper this firewall has everything I need, except one thing.  Throughput. 

image I have a Verizon FIOS internet connection.  The 25/5 plan I have gives me great speed.  But after connecting the Netgear FVS318 and running some speed tests, it became all too obvious very quickly this was going to be a swift return.  I was only getting download speeds of 7MB and upload speeds of 3MB.  In other words, this device was a terrible bottleneck.  So I didn’t even bother testing URL blocking or content filtering.  The picture at right is what it’s supposed to look like.

So back to the question in the title.  What do you use at the gateway level to block websites or do content filtering?  I was talking with a nice man and his wife about their needs, and they would also like content filtering via keywords.  I noticed the FVS318 allows for 32 URLs or keywords, but that seems like a pretty small list.  If you have teens, you know why I am asking.

Most of the consumer grade firewalls seem to be lacking this feature.  I used to do this easily with the ISA Firewall Server that was part of Microsoft Small Business Server, but I am no longer using a business class static ip plan internet connection.  Maybe it’s time to move back.  My wife is pretty fed up with hosted email.

Recommendations and advice welcome.  Thanks.

One last thing to the parents reading this.  Do yourself a favor and do not put computers in the bedrooms of your home.  Keep all of the computers and game consoles in a common area.  This includes laptops.

Comments (17)

  1. gary k says:

    i use the dlink dir-655. i get over 30 down with it. i don’t use blocking, but this one has 40 entries.

  2. Blake Handler says:

    As a parent I can’t wait to read these follow-up comments.

    I actually tried using Vista’s built-in Parental blocking — but the computer became too slow.

    Thankfully, my daughter is only 9 and I can simply add "blocked" websites to her HOST file. Give her some time and I’m sure she’ll figure how to change that simple text file! (^_^)

    Blake Handler – Microsoft MVP

    "The Road to Know Where"

  3. Maxum says:

    Tell your wife to upgrade to an MS Exchange hosted email solution & she should have better results.  I would recommend Apptix or MailStreet. They are both great.

  4. Keith Combs says:

    Blocking and control needs to happen at the gateway level.  This is trivial with commercial grade software or hardware.  

    The problem is that the consumer firewalls lack what is needed, and software solutions are less than ideal.

    Someone needs to do a comprehensive evaluation of hardware and software solutions for parents.

  5. Keith Combs says:

    Jason sent me the following email, which I am now off investigating.

    "Keith, I use OpenDns to block unwelcome content. It is quite customizable and has no limitations on what URLs it will block. They also provide categories of web sites to block so you don’t have to keep up with everything. It is also free and because it actually blocks DNS resolution, does not impact your throughput. A tech savvy person could go around it if you don’t set up an explicit rule in your firewall to only allow DNS queries to the OpenDns servers. Because all resolutions go through their servers, they also maintain usage statistics that you can review.

    I have been using them for at least three years now and have never had an issue. Setup is a breeze as is maintenance."

  6. Antknee says:

    You can still use ISA with a DHCP address. I can’t recall off the top of my head where that setting is but I hvae set ISA up this way before. Its just not enabled by default.

  7. AllenMiller says:

    I second the OPENDNS.  It’s free and very professional.  In addition to just using it for DNS, you can open a free account and enable their blocking.


    Allen Miller


  8. djmundy says:

    I left my feed reader to comment and recommend OpenDNS, but I see that others have beat me to it! I can’t even second the recommendation… I third it!

  9. Richard Kenyon says:

    Will chime in for a third on http://www.opendns.com

  10. Keith Combs says:

    WOW.  I setup OpenDNS and have it blocking the needed domains.  Nice!

  11. Karl Fleischmann says:

    Yes OpenDNS is great.  You’ll also want to checkout the other features they provide including statistics and shortcuts.  I recommend it to all I talk to.


  12. David Spiess says:

    Use OpenDNS.  Its free and works great.  Very easy to setup with DNS forwarding on your router/firewall unit.

  13. DL says:

    I could not agree more with your last paragraph, and I tell my clients this all the time.  You wouldn’t put a TV in your kids’ rooms with access to adult PPV, but that’s pretty much what you’re doing by sticking a computer in there.

    I’m also with you on ‘The Unit’ being cancelled.  One of my favorite shows.  If they dropped all the wife nonsense I could see them moving to Spike.

  14. Steve Hoek says:

    I had the same problem with the FVS318… its older brother, the FVS338, has a broader set of features and is free of any bandwidth bottlenecking.

  15. Jordan says:

    Funny how you worked on so much Microsoft technology that something as basic as OpenDNS is something you’ve overlooked or were not aware of.  there are sooo many more solutions out there also…but I still get paid by MS =)

  16. filter comments says:

    you obviously filtered some comments here…specially if it showed your ignorance on only ms only products…loser

  17. Keith Combs says:

    Let’s see, where to start…  First of all, I have known about the Dynamic DNS and Open DNS products for years and years, but never had a need to use them.  So I’m a loser?  Right.

    And yes, I moderate all comments but considering I do have a day job which requires travel (Monday) and live events (Tuesday), I don’t always get to respond to the jerks on the internet right way.

    And you’re right, if someone is being an overt jerk, I usually delete the comment.  I left yours just for fun.

Skip to main content