Blocking porn in my house: how to do it right

When I first started taking my porn addiction seriously, one of my first steps was to implement a content block in my household, to prevent me from being able to watch porn, even if I wanted to. I wrote about the various technical steps in doing this in this post. The basic premise was to apply content blocking at the ISP level (e.g. your internet provider like BT or Sky), rather than at a device level, as this applies the block holistically to the entire house and all devices automatically.

The problem was that I found a workaround, and after a while I just reverted the block as it wasn’t working because of this workaround. Additionally, I felt that simply blocking porn without addressing the underlying desire was just a plaster – it wasn’t addressing the root issues.

However, during my second therapy session, my counsellor advised that although I am right – blocking alone isn’t enough and is just a plaster – it is a good way of helping to achieve a period of abstinence from porn, which is a key step in the recovery process. He advised revisiting the content block solution and so I have done, and this time I’ve plugged the workaround and am pleased to say I now am entirely unable to access porn at home.

The following is a bit technical, but may serve as a useful guide for any others wanting to block porn at home

There are two ways of blocking porn at home. One is by installing software on all of your devices that monitors what the user is doing and prevents any pornographic images or websites from being shown. The second is to apply a similar block higher up the chain, at the ISP level (Sky, BT, Virgin Media), that blocks all porn to all devices in the house. The problem with the first option is that most mobile devices, certainly Apple devices, don’t allow for such software to be installed in the first place.

So my preferred method was to implement the block higher up the internet food chain, so that my any device in my house, regardless of make or model or software, could not access porn. This method is known as a DNS-level block. DNS is a standard method of locating websites over the internet. When you type in a friendly website name like google.com, your ISP takes that name and performs what is known as a DNS lookup, which essentially converts that friendly name into a specific IP address on the web where that website content can be loaded from. When you enable a DNS block, your ISP essentially adds some rules to that lookup service that ensures that if a porn site is requested, instead of looking that site up and showing it to the user, it simply does nothing (well actually it redirects to an information page saying the page has been blocked).

It looks a bit like this:

ISP-level porn block

The tricky bit is that there are many different DNS lookup services out there that all do mostly the same thing, and it is very easy to re-configure your laptop or phone to use them instead of the one that your ISP uses. Google operate a public, free DNS service for example. So for example, if I change the DNS lookup server setting on my laptop to use Google’s service instead of my ISP’s, when I type in a porn website’s name that my ISP is blocking, instead of asking my ISP for the website and receiving a blocked warning, my laptop simply asks a different company for the website address, bypassing my ISP’s name lookup service and gets the full site in return.

So how to fix this? Well I discovered that it is possible to block non-ISP DNS lookups. You do this by reconfiguring your router, and this means that your router can detect if you are trying to use a DNS service other than your ISP’s, and block the traffic completely until you remove the bypass. To do this, you first need to identify your ISP’s DNS service IP addresses (Sky’s are 90.207.238.97 and 90.207.238.99). You then need to add port forwarding rules to your router to block access to port 53 to all public IP addresses other than these IPs. So for me, I created three block rules in my router:

1. 0.0.0.0 to 90.207.238.97

2. 90.207.238.98

3. 90.207.238.100 to 255.255.255.255

This means that the only two IP addresses that my router will allow port 53 to be accessed, which is the port used by all DNS lookup services, are the two provided by my ISP.

The final step was to allow my wife to change the admin password on my router so I can’t log in and remove these rules! This is now done, and I am now unable to bypass my ISP’s content block!

Feel free to get in touch if you’d like more info on this or some help on how to set this up in your house. The only drawbacks is that it doesn’t block porn on your laptop if you connect to a different wifi network, so if you think that is a risk for you, you may want to consider also installing blocking software on the laptop itself. It won’t help for your phone or tablet though but for me blocking at home is removing 90% of the chance of me watching porn.

Advertisements

4 thoughts on “Blocking porn in my house: how to do it right

  1. Thanks for sharing this! My oldest is starting to become more active on the computer and I have been researching what is the best way to protect the kids from porn. It is impossibly pervasive. Love the diagram/deets.

    1. Glad it was helpful. The key things to do are:

      1. Enable the content block service as provided by your service provider (call them up or enable it through their web portal if they have one)
      2. Identify your router and log into its admin panel, usually done by typing the router IP address into the browser (e.g. 192.168.0.1) – look at your ISP’s support documentation for how to do this, or on the back of the router.
      3. Change the admin password of the router so only can access it from now on (if you don’t do this, anyone on your network can access it as the default username and passwords are public knowledge).
      4. Enable the blocking of port 53 on all IP ranges except those used by your ISP’s DNS service.

      Do that and you’ll have a nice and secure home network.

      In addition, you should contact any phone carriers or tablet data providers you have (e.g. if your tablet has a SIM card, and all mobile phones), and get similar content locks put on them.

      Finally, what I would say is that if you have a child who is approaching the age of higher internet usage, your best tool against harm is education. When I got access to the internet, no-one knew of the dangers of porn, or how prevalent it would become, but we do now so we can help our kids understand the dangers. You’ll never really shield them from it totally so they need to be armed with the knowledge of what to do when they encounter it, and to see it for what it is and in perspective.

      Good luck!

Share your thoughts...

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s