Ideas how to block certain webs (youtube) for kid's PC with possibility to enabling it for some hours.

jimbo12 · Feb 3, 2023, 2:43 PM

Hi,
I have a kids who started to be in the age they can open internet browser and navigate to youtube and then they are stuck in endless loop of that bullsh*t videos there until I force them to turn it off. So I am looking for a way of blocking some webs, now it is youtube with the possibility to add them "enabled time" so they will be for instance able to use the youtube for 1 hour and then block again.

Before I will start endless googling and inventing possibly already invented wheel, do anybody have some ideas or tips for this?

Thx!

noplan · Feb 3, 2023, 6:59 PM

@jimbo12

Pf blocker & DNSBL

Use the alias generated by pfB in a rule as destination. with the ip of the kids PC (source) and pimp it with a time based scheduler

Done

Works here just fine

jimbo12 · Feb 3, 2023, 8:55 PM

@noplan

Well, maybe I will need some more info on this. Currently I use pfblockerng and I have defined some dnsbl feeds for ad blocking and I have added my custom source with entries:

0.0.0.0 youtube.com
0.0.0.0 www.youtube.com
0.0.0.0 m.youtube.com

It works and the PCs can't access youtube. But it blocks youtube for all the clients in my home network and to be honest I do not know how to setup that custom dnsbl list only for certain IP and ideally allow it for some time periods.

As I am at the beginning of making this solution, I do not want to complicate it but I read it is possible to block some IPs which are associated to youtube (there was some ASN number mentioned). Would not this be an option? I am just asking.

Thx!

jimbo12 · Feb 4, 2023, 7:11 PM

OK, I tried the AS number way. Well, it works when I set the AS numbers related to youtube (and google) in
pfBlockerNG - > IP -> IPv4:

And it blocks youtube. But unfortunately youtube.com was resolved in my country as 142.251.36.110 which belongs to AS15169 and it includes google services, so for instance even gmail does not work.
So I think I will have to stick to blocking domain names only and block youtube.com only. I wanted to block youtube's service at all as android youtube apps might use other than youtube.com domain names and youtube videos might work there even if I block youtube.com domain. But interesting - when I blocked m.youtube.com, www.youtube.com and youtube.com via dnsbl, even my android TV did not play youtube, what is good as I will most likely want to block it as well.

So for me the opened thing is "How to make dnsbl block the youtube domain only for certain IPs?" If somebody gives me a hint it would be great.

noplan · Feb 4, 2023, 7:11 PM

Use DNSBL
Set it for *YouTube.Com

Use the alias pfB creates for a rule
For your hosts

Go go scheduler set up one

Go back to the rule advanced and select that scheduler

Set a second rule without the schedule and pass

Go to advanced and set allow kill states when schedule expired

That should do the trick

Keep me posted

michmoor · Feb 4, 2023, 9:32 PM

I have a vlan on my home network called “KidsZone”. In that vlan is a dns server(Adguard) From there I filter the content I want for the kids. In addition I have time based rules only for that vlan which cuts off the vlan to the internet after 10pm and enable after 7am.
I also do NAT reflection for dns so any connection to a dns server that isent my Adguard server goes back to Adguard.

Pfsense can’t so url filtering in the flexible way you may want so it’s easier/cleaner if you put devices you want to control in their own vlan.

noplan · Feb 7, 2023, 7:49 AM

@michmoor said in Ideas how to block certain webs (youtube) for kid's PC with possibility to enabling it for some hours.:

Pfsense can’t so url filtering in the flexible way you may want so it’s easier/cleaner if you put devices you want to control in their own vlan.

i get the approach and yes sounds familiar

but can u explain why pfS witch pfB & DNSBL can't realize URL filtering in the flexible way ...
I dont get it, maybe im looking at it wrong

br NP

noplan · Feb 8, 2023, 6:52 PM

another way is to use regex
as @Gertjan mentioned here

link -->

https://forum.netgate.com/topic/177672/url-blocking-by-keyword/7

noplan · Feb 8, 2023, 6:56 PM

@jimbo12 said in Ideas how to block certain webs (youtube) for kid's PC with possibility to enabling it for some hours.:

o they will be for instance able to use the youtube for 1 hour and then block again.

so far you got a pretty solid base on howto block certain things with certain methods usin pfB

only missing thing to fulfill your wish is howto time based rules

noplan · Feb 8, 2023, 7:16 PM

@noplan said in Ideas how to block certain webs (youtube) for kid's PC with possibility to enabling it for some hours.:

time based rules

configure your time range and add
looks like something like that

save

lets go build a firewall rule

but 1st set up an alias for all your kids devices if you have em put not togehter in a VLAN

then

Action= Pass
Source = ALIAS of your devices
DESTINATION = the pfB Alias pfB created

Fire and forget !

could be usefull but think about it carefull

if needed or not

**BUT IMPORTANT TO CHECK **

so that should do teh magic

have fun and keep us posted !