I'm a new OpenWrt user with a Netgear R7800 and the latest stable release (OpenWrt 18.06.4 r7808-ef686b7292). I want to implement parental control so that my kids are shielded from adult content.
I have followed the parental control page linked at https://openwrt.org/docs/guide-user/start.
It properly emphasizes about DNS-based blocks (bold added by me)
These can be foiled quite easily by using another internet site to lookup the IP address for the site and bypassing DNS altogether. The adblock package seems to do this. The most reliable mechanism to block access to a public site is fw3 rule to block a site.
While I like to have a DNS based solution like OpenDNS as an extra layer, I also want something that can't be bypassed in 10 seconds by browsing a dnslookup site and entering an ip adress in the browser. And I don't see how, in practice, I could get somewhat comprehensive blocklists by creating manually f3 rules, as suggested in the "Parental Control" page of the user manual.
How can I easily setup "real" content filtering for adult sites? (The banner in the forum constantly nags me with the "easily-configured" feature of OpenWrt)
Squid/Squidguard seems interesting but Squidguard is real old and Squid pretty complex (Squid doesn't appear in the System/Software list of Luci. The length of https://openwrt.org/docs/guide-user/services/proxy/proxy.squid is impressive. Squid requires special maintenance when sysupgrading https://openwrt.org/docs/guide-user/services/proxy/proxy.squid#maintenance. And I'm not even sure this covers Squidguard, or downloading the required lists like http://www.shallalist.de/ ) DansGuardian also seems interesting but really dated.
Thank you for your time