Parental Control using OpenWRT

Submitted by gerry on Tue, 02/07/2017 - 22:47

As a parent, I am somewhat torn regarding 'parental control' of Internet Access where my daughter is concerned. She is 8, so has limited access anyhow, but I would like for that access to be as unrestricted as possible while at the same time avoiding her stumbling any age-inappropriate content, which as we all know can often be only 2 or 3 clicks away.

I have decided on a multipronged approach, with the main home router, a TP Link N600 running OpenWRT Chaos Calmer being the crux of this.

Time Based Access

I am using a LuCI application called Access-Control which allows time-based rules block any accesses from any MAC address. It also has the facility to grant 'tickets' for usage within the usually restricted times. Basically, it is a LuCI UI to create iptables rules, which look like this:

zone_wan_dest_REJECT  all  --  anywhere             anywhere             MAC 00:04:4B:aa:bb:cc TIME from 00:01:00 to 08:30:00 /* Emily's Tablet Morning */
zone_wan_dest_REJECT  all  --  anywhere             anywhere             MAC 00:04:4B:aa:bb:cc TIME from 19:00:00 to 23:59:00 /* Emily's Tablet Evening */


DNS Filtering

I use two types of DNS filtering... one is the LuCI App - Adblock. This leverages a number of blacklists which are used with dnsmasq to block requests for known ad and other unwanted content. This has the added benefits of blocking malware, ransomware, phishing sites and a bunch of other stuff you really don't want to be clicking on. I have this configured network-wide as I want to block this for everyone, not just the kids.

The second is OpenDNS Family Shield. This is basically a pair of DNS resolvers which are tailored to child-friendly content. Setting this up to only affect the kids while allowing the adults free access involves tweaking dnsmasq to add a 'tag' which will get the OpenDNS resolvers, while untagged clients will get the standard DNS resolvers. Once the tag has been set up, the clients you wish to tag need to be given a static DHCP lease, and then the configuration edited to add the tag.

The configuration on my router looks like this (/etc/config/dhcp)

config tag 'kids'
        list dhcp_option '6,,'

config host
        option name 'emily-tablet'
        option mac '00:04:4b:aa:bb:cc'
        option ip ''
        option 'tag' kids




Add new comment

Restricted HTML

  • Allowed HTML tags: <a href hreflang> <em> <strong> <cite> <blockquote cite> <code> <ul type> <ol start type> <li> <dl> <dt> <dd> <h2 id> <h3 id> <h4 id> <h5 id> <h6 id>
  • Lines and paragraphs break automatically.
  • Web page addresses and email addresses turn into links automatically.
CAPTCHA This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.