Using OpenWrt and Pihole in conjunction, for parental controls

I'm trying to understand which settings and features of both OpenWRT and Pihole make for handy tools to help teach kids to use online access more wisely, and not spend too much time on Social media sites.

After looking into how to block sites like Facebook, using DNS blockages (as in, an Adlist), it was pointed out to me how that's easily circumvented by hand-coding network settings to avoid using the Pihole for the DNS server. So then I looked into the actual firewalling, etc. - which OpenWRT provides - which might act like parental controls.

I detailed my findings and rationale here, for those who are interested, mentioning several obscure OpenWRT settings which might be used in conjunction. I feel the various available network restrictions should be gradually turned up on the kids, in a tit-for-tat game of sorts, as necessary.

I'm curious whether any parents with kids out there have used such features (in OpenWRT or in Pihole), and what kind of success they had in trying to regulate their kids online usage to be more moderate.

I'd especially appreciate hearing any tried-and-true strategies that parents have used with their kids, as I think most parents have to confront this issue somehow or other these days.

1 Like

My kid is not yet of an age to be online, but fundamentally the complexity of your solution needs to scale with the tech-savvyiness of your child (and/or their friends) and the level of determination they would have to circumvent your controls.

In the simple case, you can use a Pihole (or AGH) solution and use the firewall to block all outgoing standard DNS requests (port 53) and redirect them to your DNS filter. That is circumvented easily if they use a VPN or are using DoH/DoT solutions which are harder to block. If they are crafty/determined and you need to limit their connection, you may need to implement other controls like firewalling using explicit allow-listed addresses... it's a cat and mouse game, for sure.

Beyond that, I don't have any practical experience to describe, but I'll be lurking on this thread to see what solutions other parents are using since I'll need to have these things in mind in the not too distant future.


AdGuard Home combined with DoH/T blocking and enforced DNS keeps it on the router rather than on separate pihole which could be unplugged. Also one less device to use. (As long as your router is powerful enough). It can also block various services like Facebook, YouTube etc.

That at least secures your home network.

Another route is enforced VPN on their phones that either routes back to your home network to keep filtering even when they are out... or a similar service for filtering is another way. (That's what one user does using an external DNS provider that I mention on my thread.)

Ultimately its about education and trust.

Because with mobile phones, tablets etc, there are multiple ways to get "unfiltered" internet. Libraries and schools will do their best but the internet can be a cesspool and blocking/filtering is a whack-a-mole game. Also what happens at others houses?

The thread for manual install of AGH is here, there is some pointers in there as others have looked into parental controls. AGH has client settings that can enforce safe-search and other options to help keep things kid friendly but its just one piece of the puzzle really.

Filtering has got better over the years but its still a minefield I'm glad I don't have to administer. Early filtering would block sex but also prevent access to sex ed or other resources. Its a sensitive balance to providing education or help resources vs full on "don't do it cos its naughty".


Just some additional thoughts to add.

Teach them about privacy. You are a product nowadays. Just googling yourself will show how much data you leak.

The NSA would be proud of what Facebook has achieved. The shadow profiles, tracking and slurping of data so even if you don't give them any data means they will steal it from other friends/family.

Try avoid social media. It can be both good and bad. bullying and harassment online is rife and has resulted in deaths/suicides.

Teach them once its online. Its forever. Be it nasty comments or risky photos... either can get you in trouble. "If you don't have anything nice to say... say nothing."

Teach them to use their brain. dumb TikTok stunts or conspiracy theories should be avoided. Eating tide pods is a Darwin Award waiting to happen. Proper research and confirmed sources also will lead to more rational decisions rather than mob stupidity.


Here's a neat trick to "Force All DNS Queries Through PiHole with OpenWRT".

Credit goes to @PixWrt for finding this trick.

1 Like

That's a interesting euphemism for saying that you want to block your kids from accessing those sites (since this "tool" will merely show them that they've been intentionally blocked at home). No shame.

I would also advise teaching them to be good netizens at an early age...and maybe block porn and malware too. :wink:

I don't say when the tools should be used. I just point out their existence, for when parents decide - for themselves - to make use of them.

1 Like