Parental Control not working, flint 2

I have 2 Flint 2’s, 1 main router and the other set in AP mode, both running firmware 4.5.4

I am using Parental Control on my main router.
Created a profile with my phone as a test device (it has a static mac address)
Created a new Ruleset for blocking sites, as a test, blocking these sites

Default Ruleset for my profile is my newly created Ruleset.

So what I expect, if I go to, that the site will be blocked.
But this doesnt work, doesnt get blocked at all. What am I doing wrong?

Is it perhaps some local DNS caching on my phone, so no need for name-IP translation?
Or is it just buggy?


There may be several reasons why the settings are not effective after being configured:

  1. DNS cache.Browsers and operating systems have caches, so it takes some time for the changes to take effect. You can try clearing the cache to get it to take effect immediately.
  1. Perhaps the schedule for the profile you set has not yet arrived.
  2. The domain name you set may be incorrect.While a website’s domain name is public, the domain name used when an app calls an API is not. To resolve this, you will need to use a tool(e.g. Wireshark) to capture packets or search for it.
  3. If you have a device that uses a random MAC address for each connection, that will also disable the feature.

It could be the Apple Privacy Relay as well. And of course it will only work when the router is the primary DNS server.

hmm maybe it can be two things:

  • its indeed a dns cache issue you have to flush ipconfig /flushdns, chrome:\\net-internals\#dns


  • do you use a more exotic/advanced configuration?, because if you use vlan or a different interface than lan the chances are the gl ui is unaware of its clients, typical in most of gl scripts they only reference br-lan and guest, with iptables they sometimes use br-+ but with the nfttables that wildcard probably broke too, that about br-+ i only saw in a few scripts, you can try setting it to br-lan to test, br-lan.1 can already create issues :slight_smile:

A other possibility is that it just doesn’t work in AP mode per design.

Or adguard home to block YouTube services (latest version)
Or hostname in router

Tried to flush windows dns and clear my browser. Still no blocking.
Also not using any special things in my Router.
Using Adguard will block it for all devices, not only for one, correct?

Wonder if if this option is working for other people. Also wondering if I can lookup the Parental control config within the LUCI interface.

Please paste the output of both commands:

ipconfig /all


ipconfig /all

Wireless LAN adapter Wi-Fi:

   Connection-specific DNS Suffix  . : lan
   Description . . . . . . . . . . . : Intel(R) Wi-Fi 6 AX200 160MHz
   Physical Address. . . . . . . . . : 4C-79-6E-FE-AC-6D
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::a420:79a9:1c89:ff62%21(Preferred)
   IPv4 Address. . . . . . . . . . . :
   Subnet Mask . . . . . . . . . . . :
   Lease Obtained. . . . . . . . . . : Tuesday, 2 January 2024 12:42:21
   Lease Expires . . . . . . . . . . : Thursday, 4 January 2024 21:38:29
   Default Gateway . . . . . . . . . :
   DHCP Server . . . . . . . . . . . :
   DHCPv6 IAID . . . . . . . . . . . : 256670062
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-28-87-25-1F-4C-79-6E-FE-AC-6D
   DNS Servers . . . . . . . . . . . :
   NetBIOS over Tcpip. . . . . . . . : Enabled



Non-authoritative answer:
Addresses:  2a00:1450:400e:802::200e

Ido-laptop (self)



Do you use Adguard Home?

Nope, I must have tried it at some point, but turned it off again.

Hm, just tried it. The parental control works for me, but not on Brave (Google Chrome).
It works only in Microsoft Edge.

Please don’t ask me why, I guess because of some Google magic. :smile:
Parental block does not seem to work via DNS - even if I thought so.

How important is it for you to use parental block?
What is the ultimate goal at the end? Protecting children or some other reason?

Preventing my son going on youtube :smile:
I now blocked all internet access on the windows laptop.

1 Like

If you don’t need VPN policies you should go with AdGuard Home instead. Make sure to enable AdGuard Home Handle Client Requests in GL GUI so you can configure each client individually in AGH.

In AGH you can choose Settings > Client Settings to block services just for some clients. Should be more reliable than Parental Block.

You can block specific mac address or IP to block filters.

Thanks, will try this