How I secured my home network

Like many of you out there I've a family and the need to keep children safe while they surf the web. Being a computer geek, back then, I decided to write a software all by myself because, about security matters, I trust no one. So UFS was born. At first it was just a software running on a windows computer doing filtering for the computer itself, but later it changed to be a complete internet filtering solution through dns sinkhole. From that moment I can filter dns requests for almost any kind of device running any kind of operating system on any kind of processor. This is how I did it:

  1. I bought a fan less Intel Atom mini pc with windows 10 (up and running 24/7) and denied (on internet router) outgoing tcp and udp connection on port 53 (dns) for all the network (except  this pc obviously) ;
  2. I assigned a static ip address to every device inside my home network and configured as dns server the ip of the atom mini pc;
  3. I've installed UFS on the atom mini pc and created two user groups to separate children devices from the adults ones, then I created a new user for every device naming the user with its ip address;
  4. I configured UFS to run as a DNS Sinkhole server, turned on mandatory user to have different filter rules for different ips, and setup rules for sites filtering (ads, tracker, anonymous vpn, redirectors and spyware  for everyone and porn, social network, chat systems, violence, etc, etc for children);

"IP" is the user group for adults devices. "IP CON RESTRIZIONI" is the user group for children devices.

The children devices differs from the adults ones for filtering rules, also these devices cannot:

  1. resolve unknown hosts (those not already inserted in a category);
  2. resolve whitelisted sites.

Thanks to UFS and setting up static IP addresses, I can filter dns requests per device and check whatever is happening on any device at home while keeping different filtering layer based upon device's ip.