Mesh Wifi with good parental controls: porn blacklisting

T4rd

Fully [H]
Joined
Apr 8, 2009
Messages
19,441
I have been using Pihole to block porn/gambling/gore/etc sites for a while now and it seems pretty effective. I found some dynamic adlists I think posted on the Pihole forums for all that stuff and just dropped it into there.
For all their PC's, turn off DoH (secure DNS) on all installed browsers. Chrome and Firefox have that in the settings. Depending on their aptitude, they may have the ability to turn it back on though. More advanced firewalls (like pfSense) have the ability to block some of that, but it's not a perfect science.

And finally, I hope they don't figure out how to use public VPN's....
They can also just change their local DNS settings to 8.8.8.8/8.8.4.4 or whatever to bypass your Pihole. Fortunately my kids barely know what an IP is still, let alone how to change one on a device. Though my son has a phone now and knows he can just tether off of it whenever I block him on the home network (for not doing chores or whatever), so I have to physically take his phone when it comes to that point. There's no technical way for me to keep them from using other networks aside from putting some kind of MDM software on their phone.
 

Valnar

2[H]4U
Joined
Apr 3, 2001
Messages
3,910
I have been using Pihole to block porn/gambling/gore/etc sites for a while now and it seems pretty effective. I found some dynamic adlists I think posted on the Pihole forums for all that stuff and just dropped it into there.

They can also just change their local DNS settings to 8.8.8.8/8.8.4.4 or whatever to bypass your Pihole. Fortunately my kids barely know what an IP is still, let alone how to change one on a device. Though my son has a phone now and knows he can just tether off of it whenever I block him on the home network (for not doing chores or whatever), so I have to physically take his phone when it comes to that point. There's no technical way for me to keep them from using other networks aside from putting some kind of MDM software on their phone.

The Phone is an issue for sure, unless you don't get an unlimited plan and hope they have a conscience. In that case, one overage and take the phone away.

If you have a good enough firewall, you can intercept any DNS queries on udp/53 to anywhere (like 8.8.8.8) and force it back to your PiHole.
 

T4rd

Fully [H]
Joined
Apr 8, 2009
Messages
19,441
The Phone is an issue for sure, unless you don't get an unlimited plan and hope they have a conscience. In that case, one overage and take the phone away.

If you have a good enough firewall, you can intercept any DNS queries on udp/53 to anywhere (like 8.8.8.8) and force it back to your PiHole.
Thanks, I'll check out the firewall options on my Edgerouter X, not sure how robust it is (probably not that great).
 

Modred189

Can't Read the OP
Joined
May 24, 2006
Messages
15,708
The Phone is an issue for sure, unless you don't get an unlimited plan and hope they have a conscience. In that case, one overage and take the phone away.

If you have a good enough firewall, you can intercept any DNS queries on udp/53 to anywhere (like 8.8.8.8) and force it back to your PiHole.
Or don't get your kids a phone. Or just get a flip phone.
That's my solution when the time comes. My parents' rule, and I think it was a good one, was "you can get a phone when you can afford one with the data plan." Once I got a job, I ended up getting this sweet Kyocera slider on Virgin Mobile prepaid.

It honestly was a great phone.

I think I'll amend it to, "you can get a smart phone when you can afford one yourself with the data plan." Combined some enforcement of rules with an impetus to getting a job with reliable pay.
 

Valnar

2[H]4U
Joined
Apr 3, 2001
Messages
3,910
If they're just little kids, they don't really need a phone. Sure, they'll want a "device" of some kind, so get them a Wifi-only iPad or similar.
 

Modred189

Can't Read the OP
Joined
May 24, 2006
Messages
15,708
If they're just little kids, they don't really need a phone. Sure, they'll want a "device" of some kind, so get them a Wifi-only iPad or similar.
We're lucky. Except for the basic $150 laptops I got them for covid school they now use for Minecraft once a week, they don't really ask for much screen time because they read so much.
But it's coming eventually. They're 9 and 7 now.
 

Vermillion

Supreme [H]ardness
Joined
Apr 5, 2007
Messages
4,361
I have been using Pihole to block porn/gambling/gore/etc sites for a while now and it seems pretty effective. I found some dynamic adlists I think posted on the Pihole forums for all that stuff and just dropped it into there.

They can also just change their local DNS settings to 8.8.8.8/8.8.4.4 or whatever to bypass your Pihole. Fortunately my kids barely know what an IP is still, let alone how to change one on a device. Though my son has a phone now and knows he can just tether off of it whenever I block him on the home network (for not doing chores or whatever), so I have to physically take his phone when it comes to that point. There's no technical way for me to keep them from using other networks aside from putting some kind of MDM software on their phone.
At that point I would lojack the phone with an MDM of some sort. It's too bad you can't use the built in profiles of iOS by default. They force you into needing a work/school account. The parental controls also don't appear to limit access to WiFi which is fucking stupid.
Thanks, I'll check out the firewall options on my Edgerouter X, not sure how robust it is (probably not that great).
Isn't the Edgerouter X just Debian or something? iptables should work in that case so you can block that stuff that way.
 
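Added example, not part of any post in this thread: the udp/53 interception Valnar describes, written as the iptables rules Vermillion suggests, and extended to tcp/53 plus the case where the Pi-hole sits on the same LAN as the clients. The interface name, subnet and Pi-hole address are assumed placeholders, and whether the router exposes iptables this way is also an assumption.

```shell
#!/bin/sh
# Assumed placeholder values; override from the environment to match your network.
LAN_IF="${LAN_IF:-br0}"               # LAN-facing interface on the router
LAN_NET="${LAN_NET:-192.168.1.0/24}"  # client subnet
PIHOLE="${PIHOLE:-192.168.1.2}"       # Pi-hole address on that subnet

# Print the iptables commands that force every LAN DNS query to the Pi-hole.
dns_redirect_rules() {
    for proto in udp tcp; do
        # Rewrite any port-53 query that is not already addressed to the
        # Pi-hole (8.8.8.8, the router's own forwarder, anything else).
        # Queries sent BY the Pi-hole to its upstream resolvers are exempt
        # (! -s), otherwise it would be redirected to itself and loop.
        echo "iptables -t nat -A PREROUTING -i $LAN_IF -p $proto --dport 53" \
             "! -s $PIHOLE ! -d $PIHOLE -j DNAT --to-destination ${PIHOLE}:53"
        # Hairpin fix: the Pi-hole is on the same subnet, so without this it
        # would answer the client directly from its own address. The client
        # asked 8.8.8.8, sees a reply from someone else, and drops it.
        # Masquerading sends the reply back through the router, which
        # restores the address the client expects.
        echo "iptables -t nat -A POSTROUTING -o $LAN_IF -p $proto --dport 53" \
             "-s $LAN_NET -d $PIHOLE -j MASQUERADE"
    done
}

# Dry run by default so the rules can be reviewed first.
# Run with APPLY=1 as root to load them.
if [ "${APPLY:-0}" = 1 ]; then
    dns_redirect_rules | sh -e
else
    dns_redirect_rules
fi
```

Because of the masquerade rule, redirected queries show up in the Pi-hole query log under the router's address rather than the client's. This only covers plain DNS on port 53; DoH inside HTTPS is not touched by these rules.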

Vengance_01

Supreme [H]ardness
Joined
Dec 23, 2001
Messages
6,695
I plan to get my kids those watches that can call and receive messages, but not a real phone till they can pay for it themselves.
 

T4rd

Fully [H]
Joined
Apr 8, 2009
Messages
19,441
At that point I would lojack the phone with an MDM of some sort. It's too bad you can't use the built in profiles of iOS by default. They force you into needing a work/school account. The parental controls also don't appear to limit access to WiFi which is fucking stupid.

Isn't the Edgerouter X just Debian or something? iptables should work in that case so you can block that stuff that way.

He's on Android, but if you know of a good free/cheap MDM solution for kids, I'm all ears. I was using Cerberus until they revoked my one-time paid license and went to a subscription model and that pissed me off so I dropped it. But Cerberus was more for tracking their phone and sending remote commands to it rather than doing any sort of content filtering and config management.

Edgerouters run their "Edge OS" which apparently is a derivative of Debian/Linux. Never tried to install any packages onto it though, I'll look that up and check it out later when I'm home. Thanks.
 

motqalden

[H]ard|DCOTM x5
Joined
Jun 22, 2009
Messages
2,697
Are you trying to train your kid to be a hacker? This will provide the necessary motivation.
 

Vermillion

Supreme [H]ardness
Joined
Apr 5, 2007
Messages
4,361
He's on Android, but if you know of a good free/cheap MDM solution for kids, I'm all ears. I was using Cerberus until they revoked my one-time paid license and went to a subscription model and that pissed me off so I dropped it. But Cerberus was more for tracking their phone and sending remote commands to it rather than doing any sort of content filtering and config management.

Edgerouters run their "Edge OS" which apparently is a derivative of Debian/Linux. Never tried to install any packages onto it though, I'll look that up and check it out later when I'm home. Thanks.
I'd look into Google Family Link. https://families.google.com/familylink/
 

T4rd

Fully [H]
Joined
Apr 8, 2009
Messages
19,441
Yeah, tried that and Google takes some liberties with their restrictions on that and you can't override them, most notably it restricts your kid to Youtube Kids, which any kid under 10 or so will immediately hate and hate you for. It would be much more useful if I could let them use normal Youtube with restrictive mode enabled (which I've learned you can actually force at a network level). You can kind of sidestep it by having your kid go through the browser instead, but the functionality there is pretty janky relative to the native app.
 

Vermillion

Supreme [H]ardness
Joined
Apr 5, 2007
Messages
4,361
Yeah, tried that and Google takes some liberties with their restrictions on that and you can't override them, most notably it restricts your kid to Youtube Kids, which any kid under 10 or so will immediately hate and hate you for. It would be much more useful if I could let them use normal Youtube with restrictive mode enabled (which I've learned you can actually force at a network level). You can kind of sidestep it by having your kid go through the browser instead, but the functionality there is pretty janky relative to the native app.
What about just using multiple users on the Android device? I have never done it so I don't know what restrictions can be put in place but may be worth looking at.
 
Joined
Apr 22, 2015
Messages
577
Interesting reading. All my kids are in their mid 30's, but back in the day, I used to modify the HOST file and add ip addresses that I wanted excluded from access. The big one was youtube and other social media web sites were blocked from access; however, I'm sure my kids' friends had access and they would go to their house.
 