Teenagers are hard work.
Here at The Crow’s nest, we have two teenage fledgings stretching their wings and doing normal teenage stuff. Most of it doesn’t concern us. We don’t want to know the details of their social lives, we don’t want to know who they’re meeting up with at the weekend, and we don’t particularly care what Minecraft server they’re using at 2am.
We do care that they’re playing Minecraft at 2am because we don’t particularly want to have to deal with a sullen 13 year old who’s had - at most - five hours sleep. We care that globe-spanning Discord chats stretch out until almost dawn - save that shit until you’re at college when you can talk about political philosophy all night (provided you don’t have lectures the next day).
Or whatever the hell students talk about these days | Credit: Joanne Purdie / CC BY 2.0
The point is, I don’t want my teens up all night shit-talking on the internet when they should be sleeping. This is, of course, massively hypocritical, as except for weekends, The Crow is up every night shit-talking on the internet. My excuse is twofold: First, a portion of it is work related, due to clients in different timezones. Second: I’m a fucking grown-up and am not currently attempting to gain formal educational qualifications.
Until very recently, I didn’t have any clue to my teens’ late night electronic activity. Sure I might see a light under the door from time to time, but it was rare, and the only clue they weren’t getting enough sleep was that they looked like shit in the morning, and could barely function as human beings.
Enter the PiHole
Pihole is Free and open source software, which advertises itself as “A black hole for Internet advertisements.” It’s pretty easy to install on anything. Despite being built for the Raspberry Pi, it will run on any Linux or Windows 10 machine, and filters adverts by domain name, by default it redirects known ad domains to 0.0.0.0 - that is… nowhere. Ads don’t get served.
It also comes with a rather nifty web interface, allowing admins (The Crow in this case) an overview of such trivia as traffic levels, domains blocked, machines on the network, and domains requested. Naturally, I was surprised to see repeated connections to Minecraft servers and Discord coming from devices belonging to my 13 year old at daft O’clock at night. I hit the blacklist button for both domains, blocking both servers instantly - and cutting off my own Discord connection too. Damn.
Pihole documentation is pretty good, but it’s anticipated that the vast majority of people will use the rather neat web interface. Most users will set it up once, using their Pihole’s single line install, and forget about it. The Crow needed something a tiny bit different - it still wasn’t particularly hard though, and the manual provided most of what we needed.
Step 1: Identify all of The Teen's devices.
Easy enough. The Teen has a 2008 Mac currently running Manjaro Linux, a Motorola E3 Android phone, and a Samsung Tablet. These show up under friendly, easily identifiable names, such as ‘FrankenMacbook’ in the ‘Network’ Tab.
Step 2: Create a group which contains all the The Teen's devices.
Again, simples. In the group management dropdown there’s a tab called groups. By default there’s already one group there, and it’s called ‘Default.’ To add another group, The Crow typed in a new group name and pressed ‘add’ before moving to the Clients section of group management.
In ‘clients’ there’s a dropdown list of every device that has ever connected to The Crow’s network. It was straightforward to locate The Teen’s devices and assign them to my newly created group.
Step 3: Create a custom blocklist.
A blocklist is a textfile containing IP addressess and the corresponding URLs. Each on a separate line. If you really want to fuck with someone, you can assign Bing’s IP address to the google.com, but that’s an adventure for another time. The Crow just wanted The Teen to get some sleep.
Here’s the content of my Teen blocklist:
The (.|^) is a wildcard for subdomains, so abc.discord.com will be blocked as well as 123.discord.com. This is useful. Yes, I know some of those entries are unnecessary, but it’s done now.
Step 4: Apply your new blocklist to your new group
We uploaded the blocklist to our server as a text file, and fed the URL to Pihole.
Then, from the Adlist group management tab, we made sure it was only applied to the Teen group.
Step 4: Set a timer
We’re not complete arsesholes, and we appreciate that The Teen does have a social life and does need to talk to her friends and play Minecraft from time to time - just not at some ridiculous hour when she should be asleep.
Unfortunately, we weren’t able to find any settings which allow for scheduling of blocklists within Pihole’s manual or help section.
Fortunately linux - the default OS on which Pihole is designed to run, has an excellent task scheduler built in. It’s called cron, and will execute a script or a command according to rules which you set.
I created two text files - one of them blank, and one which is a duplicate of the blocklist.
At 10pm every night, a cronjob runs, executing a script which copies the second text file to the blocklist then updates Pihole’s gravity. Discord, Minecraft etc are now blocked for The Teen
At 6am every morning, a cronjob runs, executing a different script which copies the blank text file to the blocklist then updates Pihole’s gravity. The blocklist now contains no entries, so Discord, Minecraft etc are now unblocked for The Teen.
There are probably more efficient ways of achieving the same result, but The Crow is a notoriously lazy bird.
Did it work?
Well, yes. The Teen can no longer access Discord or Minecraft between 10pm and 6am. Daaaaaad, the WiFi is being slow again. So yeah. That part worked.
Unfortunately she’s now using Whatsapp.
Remember those wildcard entries above?
It’s possible to blacklist the entire internet.
Leave a comment
Leave your name (or don't) and try to keep it under 230 characters
Comments:[July 13, 2020 at 4:16 pm] So how do you apply that to your teens cell phone (iphone) that has a data connection all its own. - another parent
[ July 13, 2020 at 4:44 pm] I actually don’t. She is acutely aware that she has a very limited data plan. However, OpenVPN works well with Pihole: https://docs.pi-hole.net/guides/vpn/setup-openvpn-server/ - The Crow
[July 13, 2020 at 4:26 pm] Nice write up 🤘 although you might want to block outbound DNS request to only be allowed from your pihole. As this stands currently all you need to do to bypass this is change the clients DNS server too a external dns server. - Adrellias
[July 13, 2020 at 4:44 pm] You’re right. However, it will take The Teen a while to get to that point 🙂 - The Crow
[July 13, 2020 at 4:50 pm] You can block/intercept outbound DNS requests (Port 53) using FreshTomato Linux on your router. You can also set access schedules. I use the two tools together to protect my kids. - Jim W
[July 13, 2020 at 4:28 pm] Could you please publish the script content that is being executed by cron, as well? I am working on a filter similar to this for my child. Thank you. - Jim W
[July 13, 2020 at 5:38 pm] cp /list/to_be/applied.txt /your/active/list.txt then pihole -g. remember to make it executable - The Crow
[July 18, 2020 at 12:37 am] It would be super helpful if you could provide the full file path to the active list. I’m using v5.1 and looking under /etc/pihole I can see what was presumably text based gravity.list looks to have been replaced by gravity.db which is a SQLite database file. - bobsyouruncle
[July 18, 2020 at 7:31 pm] Sorry Bob. I’ve not looked into that - The Crow
[July 13, 2020 at 6:09 pm] god, i’d hate to have a parent like you
[July 14, 2020 at 5:05 am] Hehehe … you’ll understand when you’re a parent, kiddo - Barrack Obama
[July 13, 2020 at 9:30 pm] Get yourself a ubiquiti edgerouterX for 60 £/$, create a firewall rule to block all traffic in/out to desired mac addresses between desired times. Bingo. I have a kid that was up on discord/fortnite all night and this is how I stopped him in the end. -Ash
[July 14, 2020 at 8:45 am] @Crow what blocklists did you decide to go with on your pihole, really helpful guide? Thanks -B
[July 14, 2020 at 9:05 am] For the default group I went with these four: https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts | https://mirror1.malwaredomains.com/files/justdomains | https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt | https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt Anything extra, I blacklist individually as they come to my attention. - The Crow