Hello,
Friends, how do I block pornography images in my RB? I have a rule that blocks all VIDEOS, but today I discovered that my son opens pornographic images from this page “ANNIE HENTAI” and places images, because the videos cannot be opened, so please help me.
Blocking is never the answer, they will allways find a way.
It’s better to educate and to supervise until a certain age. When they reach puberty you just have to learn to trust them.
I understand, but as if there are rules to block pornographic videos, there must be some rule to block pornographic images of ANNIE HENTAI.
Nope, don’t know that one. I mean, seriously, do you expect us to know every single porn page on internet? No human can do that. 
You also didn’t share any info at all about your config, how you block things, etc. Anyway, I don’t think you can win, you’ll block few pages, and there will still be millions of others left.
You didn’t read what I wrote, did you? You can ignore the last sentence, but the rest stays. There’s nothing to work with, you didn’t provide any useful info.
Ok, excuse me, so I block the pornographic videos
add action=dst-nat chain=dstnat comment=“block porn” dst-port=53 protocol=udp src-address-list=“BLOCK PORN” to-addresses=208.67.222.123 to-ports=53
https://www.opendns.com/setupguide/#familyshield
is one idea worth exploring, lets us know how it works!
So put their DNS servers in for all DHCP network settings 208.67.222.123
…
and for the IP DNS servers as well.
208.67.222.123
208.67.220.123
…
You don’t have to add it for whole network (some other users may not like that). Dstnat was ok. In fact, better, because it also intercepts requests to other servers (e.g. if someone configured them manually on their device). Only you should add one more rule, exactly the same as you have now, but with protocol=tcp instead of udp. Keep the old one untouched, so you’ll have two. But it won’t help, it’s just small fix to have complete config.
As for the real problem, the filtering is done by remote server, and it’s the same for pictures, videos, everything, because it works with hostnames, i.e. it blocks whole servers. If it doesn’t block some, it probably means that they don’t know about it (there are millions, so some will always slip through), or it’s porn on some otherwise legitimate domain. So you’d have to contact them and report it, so that they could add it to blocklist.
But if your son discovers DNS over HTTPS, VPN, proxy servers, … you’ll still lose, because you can’t block all that.
This will no longer work as most web browsers now default to using DNS over HTTPS to increase user privacy. That rule is for classic DNS - it would have worked before DNS over HTTPS came out, but is now almost useless. There is no way to construct a rule that will match DNS over HTTPS traffic in that same way.
If the blocking currently works for some/most servers, it means that browser uses regular DNS, so it’s not completely hopeless, as long as user doesn’t try too hard to get around it (or can’t, but it would require completely locked down environment).
I use OpenDNS with a Mikrotik script to update the IP. We use this at the school to block porn, anime and other games website. U can also block certain VPN, anonymizer use OpenDns. The router will block other port 53 and translate to openDns servers. The kids haven’t figured DOH yet, once they do then I will have to figure it out as well.
Turn off safe search on your google search
Do a search for example for “sex nude”
Select picture.
To block this, you need to have 100% control of the PC.
You can block google.com, but then just use bing.com instead. Same problem.
Too funny Jotne I thought this thread was about blocking porn, not facilitating the access to porn! 
It was just to show that trying to block some are more complicated and nearly impossible today.
I was pulling your third leg mate! 
Good one.
/s
Well it is true - increasing user privacy is the main goal of it. So in this case, the aim is to increase the privacy of the son, and give his father less ability to see what his son is doing.
This downside of the technology is outweighed by the benefits in other cases - ex. potential ISP tracking of what websites customers are going to and then selling the statistics, or authoritarian regimes in certain countries using this information to spy on a customer’s web traffic.
Some Western governments like the UK have people actively pushing to get rid of these privacy protections to “protect the children”, but this I think is a very misguided path to go down. There are other ways to protect children (ex. content filtering software installed on a PC, or monitoring of the child) rather than trying to get rid of encryption, or allowing for reversible encryption, to try to “resolve the problem”.
You cannot block porn using RB …
You can block porn by using a solution like Untangle running in conjunction with your RB Router …
Untangle has a learning curve so its not easy nor is it cheap — but once you learn how to you can effectively block porn plus many other stuff.
Untangle Web Filter
Is untangle applied at the router lever or on each PC?
The chain is as follows:
RB acting as the Router → Untangle in Bridge mode as the "Filter → Switch where all the devices are hung including all AP’s
There are multiple Bridge configurations possible — following is link to networking using Untangle
Untangle can be the Router as well and that takes RB out of the picture … But if you are heavily invested in Tik gear THEN Untangle in Bridge mode makes sense especially if you want to block porn etc.