How I implemented parental controls

asterisk · March 1, 2021, 4:21pm

I think I'd share my approach for simple parental controls. Since the API does not support this yet my approach is script based.

I have a named group (NoGameNoTube). I have specific devices assigned to that group (I use DHCP reservations so there is no volatility). I have several domains (wildcards, regex, or plain) prohibited or allowed and assigned to the named group. I do not block everything for that group so that the devices still think they are online.

From a script I enable or disable the domain list. A crontab entry calls the script with the respective option. The list can also be dis- or enabled via the web interface.

#!/bin/bash
# call this script with 'scriptname school' or 'scriptname playtime'
# warning: you may break your database

if [[ "$1" == "school" ]]; then
    sudo sqlite3 /etc/pihole/gravity.db "update 'group' set 'enabled' = 1 where name = 'NoGameNoTube';"
    /usr/local/bin/pihole restartdns reload-lists >/dev/null
fi

if [[ "$1" == "playtime" ]]; then
    sudo sqlite3 /etc/pihole/gravity.db "update 'group' set 'enabled' = 0 where name = 'NoGameNoTube';"
    /usr/local/bin/pihole restartdns reload-lists >/dev/null
fi

jfb · March 1, 2021, 9:39pm

Note that any teenager with a bit of tech savvy will likely figure out how to bypass these restrictions. Use the cell service on their phone, use a VPN, manually change their DNS assignments, hop on the neighbor's wifi if open, use their friend's cell phone as a hotspot, etc.

That doesn't make this a bad script, it's just not foolproof for the intended purpose.

asterisk · March 1, 2021, 11:08pm

Yep, can confirm, the total block variant has been bypassed. The version where just some distracting sites are being blocked during remote learning sessions is holding up.

system · March 8, 2021, 11:08pm

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.