@mattsmith30 welcome to the forum.

The Hub Two firewall is not configurable so an alternative method would  be needed. 

Deleted some of the post, as incorrect

Thanks for this very useful. Unfortunately switching off the Wi-Fi is not an option.

Can you recommend a router that would be suitable?

@mattsmith30 When @corringham said said 'switching off the Wi-Fi' he meant the phone user switching to data, not switching off the home system.

@mattsmith30 

Before spending your money be aware that there are other ways of circumventing your hub DNS settings.

@jab1 Yep, that's not happening, thanks

@Baldrick1 I have pointed my router to clean DNS to block adult content, this can be bypassed by activating a VPN. I would like to block VPN. Any alternatives please let me know

@Baldrick1 is quite correct, the router's DNS can be bypassed by setting an individual device (PC, tablet, phone) to use an alternative DNS service (you don't even need a VPN to do this).

Blocking access (for anyone but a naive user) is difficult as the whole internet was designed to be resilient and to make access possible. That was with the cold war in mind, rather than blocking illegal or immoral activity - design decisions were they to be made today could well be different.

---

@mattsmith30 wrote:

I have pointed my router to clean DNS to block adult content, this can be bypassed by activating a VPN. I would like to block VPN. Any alternatives please let me know

---

You cannot block VPN on something like a phone/tablet which is used by anyone with the ability to download and install such a program.

---

@mattsmith30 wrote:

I have pointed my router to clean DNS to block adult content, this can be bypassed by activating a VPN. I would like to block VPN. Any alternatives please let me know

---

You're fighting a losing battle here, some VPN's can be configured to use port 443 for example and you can't block that.

DNS settings can be changed on the devices as well, again bypassing whatever you've configured.

I would think carefully just how much you'll achieve before laying out on a new router.

Commercially I've used a Wingate box.

All user traffic routes through the box and the router is configured to allow user traffic only from that box to the outside world. 

@Champnet That is in a commercial environment. How much does the Wingate box cost, and is it a practical solution for a home user? Not saying it can't be done - it obviously can, I'm just interested.

However, my post above was to try and get some sense out of our new contributor ' gijona4  '

@mattsmith30, you need to be clear about who you are trying stop, and exactly what you are trying to stop access to.

Stopping a young child accidentally accessing adult content is quite different to stopping a tech aware teenager accessing whatever, and different again to stopping possibly criminal activity by tenants etc.

You then need to "war game" the situation - play "what if" with various scenarios to see whether any solution might work:

For example consider the solution of a router with parental control enabled:

- will a young child stumble on adult content? Probably not - job done!

- will a tech teenager deliberately gain access to dubious content? Probably - they can use a VPN, change DNS settings, use mobile data on their mobile, pop round to a mate's house and use their wifi

- will a criminal gang access whatever they want? Almost certainly - parental control is fine if you just need to show that you didn't allow access, but little use if you really really want to stop access.

@jab1  The Wingate setup is a commercial solution of no help to this thread but it does show what can be done. The cost is not great but does need a router/firewall that can be configured for outgoing traffic. Thr program can be installed on a PC, Server or VM.The activity screen can be fascinating to watch...........

https://www.wingate.com/