Firewalla is an inline firewall with IDS/IPS functions + bunch of cool features for homes. In case you want to know where Firewalla block and what it is doing it, here you go. You can usually get a global view of all the blocks via the rules button. https://help.firewalla.com/hc/en-us/articles/360007134854-Tutorial-Manage-Rules
1. Family Mode
Family mode relies on OpenDNS to filter out bad and adult content. This is done by forwarding your normal DNS to OpenDNS servers. Here porn / malicious sites will be blocked via DNS query.
2. Ad Block
Ad block mode is also done via DNS. The difference with (1) is, the query is local, no third party is involved. Since the query is via a DNS cache inside firewalla, your DNS lookups will be faster than normal.
Autoblock only will happen if Firewalla is very sure the site you are accessing or is accessing your device is 'bad'. Here we will block it. To unlock, go to alarms and tap on 'ignore'. (Or go to archive under alarms and unblock there)
Most block here is done using the IP address, blocked is in the switching path. (iptables if you know what that is)
4. Active Block
The active block is a pre-loaded list of bad sites; this list is something we computed over the cloud. Currently there is no way to remove items from this list, but you can turn the whole list on/off using
"+" -> Cyber Security -> active block
5. Port Block
Port block are done when you tap on the open port in "open port" button.
6. Category Block
These blocks are more sophisticated. It is pretty much you tell us on what category (video, game, porn) to block, and firewalla will compute what to block. All block lists are IP based, and they are dynamic. The only way to remove these blocks is to disable the category block feature. (such as the social hour feature)
7. Everything else is likely triggered by the user. You can remove those by going to rules and tap on the entry that you want to remove.
For the strongest protection, we do recommend the following:
1. Turn on family mode, this will block malicious sites from DNS lookup.
2. Turn on the autoblock. (this feature should be automatically on in the future). Tap on +, tap on cyber attack protection then turn "active protect" on.
3. There will still be some alerts that are default block, these are usually behavioral or something related to 'we are not sure'.