IPFire/AMENDMENT1 with Web Filtering Parental Controls

IPFire is the new Operating System we are testing for the AMENDMENT1 and this version is tuned for Web Filtering Parental Controls. What are Web Filtering Parental Controls? Web Filtering is the process of controlling destinations and resources on the Internet. Parental Controls give adults a passive and automated way to manage screen time, access, and categories of information available to their children and sometimes even their parents (ie, Seniors). Both children and senior citizens are frequently targets on the Internet today and we hear frequent calls for tools to manage both groups. This image update is focused on Web Filtering and Parental Controls for both children and senior citizens.

This version incorporates all of the features discussed in the first release (v1.2), but this version (v1.4) has Web Filtering Parental Controls enabled at startup. This release also uses the AARCH 64 version of IPFire so it is much faster than the previous version, which was built on the legacy IPFire image for Raspberry Pi. The download is a little larger but the uncompressed image is now for a 16GB (15.5 GB or greater) SD Card.

To install and get started using IPFire/AMENDMENT1 just download and burn the image to a 16GB SDHD Card. Once you have completed those steps, you will need to make a few minor adjustments. You will want to log into IPFire/AMENDMENT1 as user “root” with password “cheeseandgrits”. Later, you will want to log into the Web Interface as “admin” with password “cheeseandgrits”. You should change these passwords once setup is complete!

Post-Install Updates

It turns out IPFire tends to be a bit tightly-coupled with the hardware settings. Essentially the Operating System wants to hold on to very specific hardware settings. In this case, it wants to hold on to the Hardware Address of the network cards. Once you have downloaded and unzipped the IPFire/AMENDMENT1 version 1.4 image, installed on a Raspberry Pi 3B or 3B+, and booted up, log in as the root user and enter the command “setup”.

ipfire setup

You should see this screen and you will want to select “Networking”. You are going to reset the network cards configured for the Red and Blue networks. For details on this process, please see the excellent article over on HannaTech. But for the rest of us, this is a 5-minute process to get up-and-running quickly and get Web Filtering and Parental Controls in place quickly!

ipfire drivers and cards

Select the option for “Drivers and Card Assignments”. This will open the option to select new networking hardware.

ipfire change settings

The Operating System will warn you that you are going to make changes. That is correct and you want to move ahead. Just select “ok” and move to the next step. You are going to make some changes. It is normal and expected that Green is “Unset” and it will stay that way.

ipfire remove selected network

For both the Red and Blue networks, you will want to first select the network and then select “Remove”. This will remove the current hardware settings and then we will reapply them for the current hardware. If this is confusing, remember the Image file is created on one machine and you are now applying that image to another machine but the Image file doesn’t know this is happening! After you have removed the current hardware, you will re-apply it in the next step.

ipfire remove card

Yep. You are sure. Do it! (Press “Ok”). Then do the same steps for the Blue network card. When you are done, all interfaces (Green, Red, and Blue) should all be Unset (remember, Green was always Unset).

ipfire select network card

Now you will reapply the network card settings. Select Red and it will open the following dialog for you to choose a network card.

ipfire select usb

The next screen will show two options for applying a network interface – USB: Microchip Technology, Inc or sdio: brcmfmac. To the right you will see the Machine Address Code Address for the hardware in question, which is interesting but not terribly important right now. If you want to write down the MAC Address for the sdio: brcmfmac interface it will be useful in a moment. Just remember that Red is always assigned the usb: Microchip Technologies, Inc interface and Blue is always assigned the sdio: brcmfmac interace. Complete this process for Red and Blue, select Done, and you will see the following dialog.

ipfire green

One of the last screens you will see will remind you that Green is (still) Unset. That’s ok. Just select “Ignore”. The networking functions will restart and that will take a few seconds so just wait patiently until you arrive at the start screen (top of article) and you can select “Quit”. This will drop you back to the command line and now you can complete the final step! If you didn’t write down the MAC Address above, you will want to check the MAC Address of the Blue network so you can update a configuration file with the right MAC Address.


Run the command “ifconfig” from the command line and you will see output similar to the picture above. You will need to reset the Blue configuration settings in a file and you want the MAC Address. If you look back above it will match the MAC Address where we updated the settings in the Card Interface. Here it is listed next to “ether” and it is the 6-pair number. In this example it is “b8:27:eb:da:07:75”. Write it down this time. The let’s open the settings file we need to edit with the following command:

># nano  /var/ipfire/wlanap/settings

That command will open the Nano text editor on the settings file for the wireless lan access point configuration data. The MAC Address of the access point needs to match the MAC Address of the Blue network interface.

ipfire ap mac address settings

In the highlighted section in the image above, where it says “INTERFACE=” the MAC Address should be changed to match the one you noted above. Manually update it and save the configuration file. Log out and now let’s just make sure everything is running ok. You already know the address of this device on your network because it is the address assigned on the Red network above when you ran “ifconfig”. In this example it is set at because that’s the address handed out by whatever you plugged the IPFire/AMENDMENT1 into to get network access. Let’s log in on the local network and check what is happening.

IPFire/AMENDMENT1 is configured with a “pinhole” passthrough on the Red network (outside the firewall) on port 444 so you can log in to the Admin Web Interface in case something is not going well on the Wireless (Blue) network. So, you can log in using the above examples on another computer (on the same network) at You will see a dialog like above warning you this site has a self-signed SSL Cert. Accept the Risk and move on amd you will be greeted by the following screen, after you log in as “admin”.

Select the WLanAP to check the configuration of the Wireless (Blue) network Access Point. On Raspberry Pi 3B, the “Automatic” channel selection seems to cause problems, so make sure you manually select a channel. On Raspberry Pi 3B+ select “Automatic” for channel selection. Also, be sure to check the appropriate Country Code for your location is applied.

When you see Green “Running” dialogs like above, you know everything is working as expected. For a quick overview of the the selections and features available with Web Filtering Parental Controls, check out the the following overview of features. To learn more about IPFire and its capabilities, visit the IPFire Website

Tell Us What You Think