At the moment the home-schooling is putting little bit increased pressure on the internet usage of my kids. They forget themselves more and more watching some meaningless stuff on YouTube or TikTok. The school is not that intensive and leaves them too much time so they drift to different video platforms and next thing I know they have lost all feeling of time and space.
What I would like to do. Restrict access to video platforms YouTube, TikTok, maybe even Netflix, Prime Video, Disney+ and Discord during the working hours and give them free during the evenings and weekends. Nothing else. I am not so interested in permanent blocks or stuff, I just want to see that the during the "working hours" they steer away from the stuff. I have talked with them, but that level of self-discipline is simply too much to expect from them.
I have fritzbox Router. There are filters but they are useless. Firstly, the time limits or hours are only for complete internet access. Then one can limit or block websites, but this can not be complemented with a time-domain. I guess one could hack on system level in fritzbox and try to put a cronjob on it.
From what I figured I can achieve more or less the same with raspberry and pi-hole? Am I on the right track here? I even would not care that much even if it blocks the YouTube&Co for the whole household for "working hours".
I don't use the pi-hole for parental controls I do it on my router which is Untangle. It takes a bit to setup the filter stacks but once it's done it works pretty well. Untangle is licensed and has a fee for the home user and you have to have a bit of networking knowledge to really take advantage of it:
Pi-hole does not offer time-based blocking by default. However, you could create specific groups of clients with certain blocked domains. Via script or cron you could enable/disable this group.
I am in a similar situation with my kids and home virtual schooling. I have done what @yubiuser has recommended, to create a specific group (ie "Kids"), add social/video/game adlists to it and their specific devices. But I am not blocking/unblocking at different times.
The issue with time-based filtering I'm finding, is that once the sites are unblocked and they can access, their devices will cache the ip addresses during that time period - and since dns is cached on their device, will continue to work after the blocking is is re-enabled and their devices will not block those sites as intended (until dns cache has expired).
I'm unsure if there are any good ways around this with pi-hole alone, without leveraging some type of gateway/proxy/routing device that can filter the client-to-internet traffic as it is flowing through. I'd be curious to know of any tricks with pi-hole that I might have missed, though!
Pi-hole is an opt-in scheme. DNS sinkholes are effective but they require user buy-in to work. It's actually pretty easy to bypass if the user wants to bypass it. You need to lock down the devices so they can't change the DNS server to be not Pi-hole, or prevent a switch to cellular network.
And I know the response of "But my kids aren't that tech savvy". You'd be surprised. There are YouTube videos on how to bypass DNS blocking and kids share that kind of information quite readily.
The best case scenario is to use a few tools, one of which includes setting boundaries and enforcing consequences for violating those boundaries. There's never going to be a pure technical solution, I promise you that any roadblock you put up will be circumvented if the person being blocked really wants to avoid your blocking.
Actually, I don't care - if they find out how to bypass the stuff then they have learnt at least one damn thing. I learnt my computer skills also at that age when we had to hack into the work-laptop of my friend's father, so that we could play something. We were also able to beat the admin from the work and learnt a good deal.
I am just wondering how the fritzbox is blocking the websites. I have a blacklist and once it is active it works - except I can not figure out all of the addresses that I need to block. I thought that one can use raspberry to monitor the traffic, open some website and put the ip-address to some blacklist? If it is only about disabling DNS for some addresses then access on youtube with IP-address on the webbrowser would always work?
Ok, I spent some more time with google. I tried to investigate possibilities:
-turning Raspi into a firewall, I would need a second Ethernet and I am not sure how my whole network would take it. Additionally, I guess you plug it in after the Router, between the router and NS-Switch, my router has active WLAN and it also in use in my cellar - using this would circumwent the firewall. Does not really seem so appetizing
-search a solution with fritzbox. Here I came to a possible solution path. Fritzbox apparently has something called TR-064 interface. I do not exactly know what it is, but I have done some programming on RestAPI and this could be a way to give remote commands on Fritzbox and change its setting. I might be able to use the filter settings on Fritzbox and change them with a cronjob from Raspi. Sure, one can do things also locally on the Fritzbox, but it seems to be an uncertain way, because the firmware updates may always raze your system...