Ad blocker / Parental Control / DNS / Filtering?

Hi all,

I was wondering if anybody here runs something like Pi-Hole or AdGuard Home (or something else).

My young ones are starting to use PCs (running Linux :slight_smile:) more and more, and spending more and more time on the old phones we have lying around. They are bound to discover something online that’s slightly dodgy.

Simultaneously, my wife’s job is WhatsApp crazy and she’d like a way to just block Whatsapp for a couple of hours every night (family time).

Hell, I’d even like the ability to disable Showmax / Netflix for a couple of hours.

Of course, being able to schedule and control from something like Home Assistant could be very useful. I have an oldish Mikrotik router and Unifi access points, with an Ubuntu box running Docker and VMs that I can use for this (currently running my HA instance in a VM and a couple of other things in Docker containers, including the Unifi controller) .

What (if anything) do you guys use?

Just switch off the Fiber connection … on a timer. :laughing:

And make sure the phones don’t switch back to mobile data.

I’ve been using a Pi-Hole for the last couple of years.
I don’t have anything specific setup to disable specific things like Showmax / Netflix, but it’s easy enough to find and blacklist the relevant URL from the log. I’m not too sure about temporary blocks or how far the HA integration goes though.

1 Like

I also agree this should do the trick for you. You can setup the Mikrotik to route the traffic to Pi-Hole automatically.

I have an Asus router running Asus-WRT. You can schedule connections to devices. So for instance you can block internet access between scheduled time to your phone and while the phone does not disconnect from the wifi, the data is blocked.

For the kids I run Google Family on all the devices. It makes sure your searched and youtube all have the safe search option enabled and you can schedule a time limit and also a bed time limit. Fantastic, cause they are not angry with you but rather the device. Works well now that my kids are teenagers as well :smiley:

PiHole is great and everyone should be using it. I just have it as a docker container on Unraid.

Google Family is only for Android, right?

We have iPhones in the family, and already have the Apple screentime controls in place. No SIM-cards, so there’s no way to bypass any Wifi blocks I put in place.

Does Pi-hole have parental controls? I.e. to block adult websites?

The child phone/tablet needs to be Android for all the lockdowns to work, but the parent app has a iOS version that run on Apple.

You can also manually set the Safe Search option for Google search and Youtube. But that is per app, per device, per user logged into the device, so make sure you get them all. is a great resource on how to set it all up manually.

Thanks for the link, will check it out.

AdGuard Home looks quite good, seeing that it has parental controls as well. GitHub - AdguardTeam/AdGuardHome: Network-wide ads & trackers blocking DNS server

(EDIT: OK do check out the animated version of the image above on their Github page)

1 Like

OK so I ended up downloading Adguard Home.

First had a lot of issues getting the Docker container running due to port 53 already in use by dnsmasq on my Ubuntu machine. Turns out the latter is actually set up by KVM (the Virtual Machine software) where I run my Home Assistant. Not wanting to mess that part up, I decided to use the Home Assistant add-on instead.

This required me to give Home Assistant a static IP (which it always had - via a fixed allocation in the DHCP server on my Mikrotik router), but they require that the HassOS setup be set to “fixed IP”. That took a while to figure out.

Then I set up the Adguard Home add-on. It works – well enough. Findings:

  • Parental mode works – adult websites are blocked.
  • SafeSearch works – it is enforced in DuckDuckGo and Google, and Youtube comments are disabled.
  • Ads I don’t really see an improvement yet, will need to test more. Stats indicate that it blocks tons of DNS requests for ads so will have to see (perhaps more trackers than ads)
  • But in terms of pure services blockign - it doesn’t really work. Facebook was blocked better than WhatsApp - looks like the WhatsApp engineers built their protocol pretty robust (I’m guessing they cache DNS results themselves too).

So ended up blocking WhatsApp directly on my Mikrotik via a rule – and plan on using this Home Assistant custom component so that I can schedule it (or turn it on/off on demand).

Hi, i also use Ad Guard at home. Works better with some extra blocking. Just google for extra adguard list.

Kids nowadays are quite clever.
An very easy way to bypass adguard, is to change the dns settings on your phone. Then it bypass the adguard server.
And easy fix is to make sure that your mikrotik force all the traffic to the adguard ip.
You set that in the firewall.

Use the following on Mikrotik to send all dns to your Pi.
It will force all traffic to your pihole.
Change to your Pi hole/ adguard server.

/ip firewall nat

add chain=dstnat action=dst-nat to-addresses= protocol=udp src-address=! dst-address=! dst-port=53 in-interface=!ether1
add chain=dstnat action=dst-nat to-addresses= protocol=tcp src-address=! dst-address=! dst-port=53 in-interface=!ether1

add chain=srcnat action=masquerade protocol=udp src-address= dst-address= dst-port=53
add chain=srcnat action=masquerade protocol=tcp src-address= dst-address= dst-port=53

1 Like