1. Forum
  2. Usenet
  3. ALT.OS.LINUX.UBUNTU

  • any way to password protect IPv4 and IPv6 settings?

    From Bill S Dimetto@21:1/5 to All on Sun Jul 21 13:16:44 2024
    I recently enabled The Cloudflare Family Filter for a friend basically
    by turning off IPv6, enabling IPv4 and using the IP address for the
    filter. The filter seems to be doing its job while trying to access
    adult sites on Firefox, but he was asking if there was a way to password protect and therefore lock the IPv4/ v6 settings in their current state
    which would only be changeable with the password? I would keep the
    password handy if he ever needed it. I see a "Security" submenu under
    the "Wired" connection settings and it seems to offer an "802.1x
    security" option (currently disabled), but I don't think this would lock
    the settings, or would it?

    Thanks in advance,
    Bill D

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Marco Moock@21:1/5 to All on Mon Jul 22 09:12:45 2024
    On 21.07.2024 um 13:16 Uhr Bill S Dimetto wrote:

    I recently enabled The Cloudflare Family Filter for a friend
    basically by turning off IPv6, enabling IPv4 and using the IP address
    for the filter.

    Disabling IPv6 is bullshit and will not work in certain circumstances.
    It also doesn't help for the filter here because that must be done with
    DNS.

    The filter seems to be doing its job while trying to access adult
    sites on Firefox, but he was asking if there was a way to password
    protect and therefore lock the IPv4/ v6 settings in their current
    state which would only be changeable with the password? I would keep
    the password handy if he ever needed it. I see a "Security" submenu
    under the "Wired" connection settings and it seems to offer an
    "802.1x security" option (currently disabled), but I don't think this
    would lock the settings, or would it?

    802.1x is authentication against a WiFi AP or a switchport. Not what
    you are looking for.

    Check if the user that shouldn't change the settings is in the netdev
    group. Remove it from there and check if it still can change setting in NetworkManager.

    Be aware that the user can plug in another networking device (USB
    tethering from smartphone, USB Ethernet/WiFi controller) that creates a
    new connection with default settings, including DNS that comes from
    RA/DHCP.

    --
    kind regards
    Marco

    Send spam to [email protected]

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Marco Moock@21:1/5 to All on Tue Jul 23 12:05:26 2024
    On 22.07.2024 um 07:13 Uhr Jonathan N. Little wrote:

    Marco Moock wrote:
    On 21.07.2024 um 13:16 Uhr Bill S Dimetto wrote:

    I recently enabled The Cloudflare Family Filter for a friend
    basically by turning off IPv6, enabling IPv4 and using the IP
    address for the filter.

    Disabling IPv6 is bullshit and will not work in certain
    circumstances. It also doesn't help for the filter here because
    that must be done with DNS.


    DNS over HTTPS (DoH) setting in the browser which bypasses network's
    DNS server...FMI it is now on by default in latest Firefox.

    This is unrelated to IPv6. DoH can be done with IPv4 as well.
    If you don't want it, disable it in the browser or select a DoH server
    that does the filtering in the browser.

    --
    kind regards
    Marco

    Send spam to [email protected]

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Bud Frede@21:1/5 to Jonathan N. Little on Fri Jul 26 07:06:19 2024
    "Jonathan N. Little" <[email protected]> writes:

    Marco Moock wrote:
    On 22.07.2024 um 07:13 Uhr Jonathan N. Little wrote:

    Marco Moock wrote:
    On 21.07.2024 um 13:16 Uhr Bill S Dimetto wrote:

    I recently enabled The Cloudflare Family Filter for a friend
    basically by turning off IPv6, enabling IPv4 and using the IP
    address for the filter.

    Disabling IPv6 is bullshit and will not work in certain
    circumstances. It also doesn't help for the filter here because
    that must be done with DNS.


    DNS over HTTPS (DoH) setting in the browser which bypasses network's
    DNS server...FMI it is now on by default in latest Firefox.

    This is unrelated to IPv6. DoH can be done with IPv4 as well.
    If you don't want it, disable it in the browser or select a DoH server
    that does the filtering in the browser.


    My point was not IPv6, but filtering bad sites at the DNS level has been circumvented by DoH in the browser. Also, Firefox now has DoH enabled by default, so one does not have to be savvy enough to reconfigure their browser. All the kiddies have to do is use Firefox to get an eyeful on pornhub...


    I block known public DoH servers on my network. It's a bit of
    whack-a-mole with the lists trying to keep up with new DoH servers, but
    adds another barrier to things trying to bypass my local DNS server.

    That doesn't really help the OP though...

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)