Home firewall/proxy/content filtering appliance

  • steadyrock
    I need a LIFE!!
    • Aug 2007
    • 10235

    Home firewall/proxy/content filtering appliance

    I am in need of a low-power, low-noise (preferably fanless), small form-factor web proxy/firewall/content filtering appliance for home use. I am not satisfied with the level of protection offered by endpoint solutions like Norton Family, NetNanny, etc.

    I have considered (and could) building my own using something like a Raspberry Pi-equivalent device, OpenBSD and PF or Squid and SquidGuard. This would offer a great deal of customization and flexibility but at a cost (in time). So before I go down that road, I wanted to find out if any of you are using off-the-shelf appliances that offer regularly-updated content filtering and proxy services. What are you all using on your home networks?
    Do not give in to evil, but proceed ever more boldly against it.
  • #2
    the86d
    Calguns Addict
    • Jul 2011
    • 9587

    You might be able to find a thin-client and install a Linux distro on it after researching if it would accept and verify that the proposed Kernel has support for said NIC...


    • #3
      cid`
      Member
      • Apr 2013
      • 180

      Try OpenDNS.


      • #4
        sfwdiy
        Senior Member
        • Feb 2008
        • 2146

        I've used pfSense before, installed on a fanless Atom server with an SSD in it. Worked fine as a gateway for an office with about 40 users.

        It's easy to configure what you want and you could probably install it on a Raspberry Pi, but I haven't looked into it. Only thing is you might want a machine with two NICs so you don't have to worry about throughput.

        --B

        • #5
          Fizz
          Senior Member
          • Feb 2012
          • 1473

          I manage ~50 SonicWalls at work that are at client locations. I also manage the big bad SonicWalls at my company's datacenter (have some NSA 3600s coming in!)

          Their content filtering does exactly what you want. BUT, the cost of entry to buying the appliance is prohibitive for a home environment and the content filtering is an add-on subscription. However, with any content filtering there's nothing that's foolproof.

          OpenDNS mentioned earlier will work. Point your router to their stuff and go. It'll block 'dirty' DNS requests. However, pretty much all middle schoolers and older are familiar with how to use proxies to bypass these at the very least. Others know they can just configure different DNS records on the adapter. (You can block outbound DNS requests to any other server... but you start getting into SMB-Enterprise level solutions here). HTTPS (secured websites) is pretty hard to screen except when you do explicit allows (will create headache for you).

          Building an open source appliance may work. Really depends on how it's doing the filtering, who's creating/updating categories/sites, etc. Also, you're maintaining another computer on the network, which might not be worth the time to implement + maintenance overhead.

          At home I have a Linksys EA3500 that I got for free. When I updated the firmware, I got Linksys' "App Enabled" version of the software. One of the "Apps" you can purchase reportedly does what you're looking for. However, I haven't tested its efficacy.

          It meets your requirement of fanless. (You can use any of the "App Enabled" routers)

          You might try that and see how effective it is before you go crazy spending time and money. Cost of entry is a new Linksys router + 3 dollars for the App (NOT an expiring subscription). It allows you to manage from the web and smartphones to monitor.

          It's also backed by Linksys/Cisco, so chances are they know what they're doing. Though, I'm not sure if the App is a Belkin (who bought Linksys) or Cisco project.
          Last edited by Fizz; 09-10-2013, 11:04 PM.
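
The post above notes that a client can sidestep OpenDNS by pointing its adapter at a different DNS server. The following is an added example, not part of the original post: a check over outbound flow-log lines that reports which clients sent port-53 traffic to anything other than the OpenDNS resolvers. The key=value log format and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict
from ipaddress import ip_address

# OpenDNS public resolvers: the only DNS destinations that should leave the LAN.
APPROVED_RESOLVERS = {ip_address("208.67.222.222"), ip_address("208.67.220.220")}

# Constructed sample of outbound flow-log lines. The key=value layout is an
# assumption for this example, not the log format of any particular router.
SAMPLE_LOG = """\
2013-09-10T21:04:11 src=10.0.1.1 dst=208.67.222.222 proto=udp dport=53 action=allow
2013-09-10T21:04:15 src=10.0.1.23 dst=8.8.8.8 proto=udp dport=53 action=allow
2013-09-10T21:04:19 src=10.0.1.23 dst=203.0.113.10 proto=tcp dport=443 action=allow
2013-09-10T21:05:02 src=10.0.1.40 dst=8.8.4.4 proto=tcp dport=53 action=block
2013-09-10T21:05:30 src=10.0.1.23 dst=8.8.8.8 proto=udp dport=53 action=allow
garbage line that does not parse
"""

FIELD = re.compile(r"(\w+)=(\S+)")

def find_dns_bypass(log_text, approved=APPROVED_RESOLVERS):
    """Map each client to its port-53 flows aimed at non-approved resolvers."""
    findings = defaultdict(lambda: {"allowed": 0, "blocked": 0, "resolvers": set()})
    for line in log_text.splitlines():
        f = dict(FIELD.findall(line))
        if not {"src", "dst", "dport", "action"} <= f.keys():
            continue  # not a flow record
        try:
            dst = ip_address(f["dst"])
        except ValueError:
            continue  # malformed destination address
        if f["dport"] != "53" or dst in approved:
            continue  # not DNS, or DNS to the filtering resolvers
        entry = findings[f["src"]]
        # "allow" means the query got out and the filter was bypassed;
        # any other action means the firewall stopped the attempt.
        entry["allowed" if f["action"] == "allow" else "blocked"] += 1
        entry["resolvers"].add(f["dst"])
    return {src: {**e, "resolvers": sorted(e["resolvers"])}
            for src, e in findings.items()}

if __name__ == "__main__":
    for client, e in find_dns_bypass(SAMPLE_LOG).items():
        status = "BYPASSING FILTER" if e["allowed"] else "attempt blocked"
        print(f"{client}: {status} via {', '.join(e['resolvers'])} "
              f"(allowed={e['allowed']}, blocked={e['blocked']})")
```

A client with a nonzero "allowed" count means the firewall is still letting DNS out to other servers; one with only "blocked" entries shows an attempt that the outbound rule stopped.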


          • #6
            Fizz
            Senior Member
            • Feb 2012
            • 1473

            Originally posted by sfwdiy
            I've used pfSense before, installed on a fanless Atom server with an SSD in it. Worked fine as a gateway for an office with about 40 users.

            It's easy to configure what you want and you could probably install it on a Raspberry Pi, but I haven't looked into it. Only thing is you might want a machine with two NICs so you don't have to worry about throughput.

            --B
            I'm not understanding what two NICs would have to do with throughput? Your WAN interface, even on a premium Cable connection is going to be sub 60Mbps, hardly saturating the link. Your LAN interface won't matter, as you'll have to have a switch/router/AP/etc. behind that. Intranet traffic won't go out the gateway of last resort (default gateway); the filter won't even see it.

            You'll need two interfaces if you want to guarantee traffic flows through the content filter. Otherwise you'd have to do something like below:

            Ex. if you have a subnet of 10.0.1.0/24 you ostensibly could have your router at 10.0.1.2, your content filtering appliance at 10.0.1.3. Have your DHCP server dish out 10.0.1.3 as the gateway. Your appliance can then go out on the 10.0.1.2 IP. BUT, then you also need to make sure via some means that the 10.0.1.2 gateway cannot be accessed directly from any node other than 10.0.1.3.

            Also, depending on how you do this most power users will run into issues with self-introduced rogue DHCP server issues (enabled on the filtering appliance and the router/firewall), potential DNS problems, etc.

            But yeah, in this case you could have issues with throughput (single interface). However, it's also the wrong way to do things.
            Last edited by Fizz; 09-10-2013, 10:22 PM.
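
The single-interface layout described above only filters traffic if every client really uses 10.0.1.3 as its gateway. The following is an added example, not part of the original post: an audit that flags a second DHCP server, offers that hand out a gateway other than the filter, and hosts whose packets reach the router directly. The observation lists are constructed, and treating the filtering appliance as the only DHCP server is an assumption.

```python
from collections import Counter
from ipaddress import ip_address, ip_network

# Addresses from the post's example layout; the router itself sits at 10.0.1.2.
SUBNET = ip_network("10.0.1.0/24")
FILTER = ip_address("10.0.1.3")   # filtering appliance, the gateway clients should get

# Constructed observations for this example:
# DHCP offers seen on the LAN as (server identifier, offered default gateway).
DHCP_OFFERS = [("10.0.1.3", "10.0.1.3"), ("10.0.1.2", "10.0.1.2"),
               ("10.0.1.3", "10.0.1.3")]
# Source addresses of packets the router forwarded out to the WAN.
FORWARDED_SOURCES = ["10.0.1.3", "10.0.1.3", "10.0.1.57",
                     "10.0.1.3", "10.0.1.57", "192.168.5.9"]

def audit_single_nic_layout(offers, forwarded_sources, dhcp_server=FILTER):
    """Return (kind, address, count) findings for the one-interface filter layout."""
    findings = []
    for (server_id, offered_router), n in sorted(Counter(offers).items()):
        if ip_address(server_id) != dhcp_server:
            # A second DHCP server answering on the LAN (the rogue-DHCP case).
            findings.append(("rogue-dhcp-server", server_id, n))
        if ip_address(offered_router) != FILTER:
            # Clients taking this lease would route around the filter.
            findings.append(("gateway-skips-filter", offered_router, n))
    by_source = Counter(forwarded_sources)
    for src in sorted(by_source, key=ip_address):
        addr = ip_address(src)
        if addr == FILTER:
            continue  # the only host that should be using the router
        kind = "direct-to-router" if addr in SUBNET else "unknown-subnet"
        findings.append((kind, src, by_source[src]))
    return findings

if __name__ == "__main__":
    for kind, address, count in audit_single_nic_layout(DHCP_OFFERS, FORWARDED_SOURCES):
        print(f"{kind:22} {address:15} x{count}")
```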


            • #7
              NoSpam
              Senior Member
              • Apr 2013
              • 711

              +1 for SonicWall. TZ100/105 is small office level, but very robust. Like Fizz mentioned, the content filtering requires a subscription which isn't feasible for most home users. The cost to play starts at about $250+ for the appliance.


              • #8
                johnny_22
                CGN/CGSSA Contributor - Lifetime
                CGN Contributor - Lifetime
                • Oct 2005
                • 2180

                Sorry, my choice has a fan

                And this fan is noisy at work in a quiet lab with the equipment off.

                But at home with the dogs and cats and fans going, I don't hear it: Netgear UTM 10. Same model at work and home. License for 3 years ~$500.
                Please, join the NRA.