Parental Control not working, flint 2

Ido · January 3, 2024, 8:59pm

I have 2 Flint 2’s, 1 main router and the other set in AP mode, both running firmware 4.5.4

I am using Parental Control on my main router.
Created a profile with my phone as a test device (it has a static mac address)
Created a new Ruleset for blocking sites, as a test, blocking these sites
www.youtube.com
m.youtube.com
www.google.nl
google.nl

Default Ruleset for my profile is my newly created Ruleset.

So what I expect, if I go to www.youtube.com, that the site will be blocked.
But this doesnt work, doesnt get blocked at all. What am I doing wrong?

Is it perhaps some local DNS caching on my phone, so no need for name-IP translation?
Or is it just buggy?

admon · January 3, 2024, 9:19pm

Troubleshooting¶

There may be several reasons why the settings are not effective after being configured:

DNS cache.Browsers and operating systems have caches, so it takes some time for the changes to take effect. You can try clearing the cache to get it to take effect immediately.

Perhaps the schedule for the profile you set has not yet arrived.
The domain name you set may be incorrect.While a website’s domain name is public, the domain name used when an app calls an API is not. To resolve this, you will need to use a tool(e.g. Wireshark) to capture packets or search for it.
If you have a device that uses a random MAC address for each connection, that will also disable the feature.

It could be the Apple Privacy Relay as well. And of course it will only work when the router is the primary DNS server.

xize11 · January 3, 2024, 9:45pm

hmm maybe it can be two things:

its indeed a dns cache issue you have to flush ipconfig /flushdns, chrome:\\net-internals\#dns

Or:

do you use a more exotic/advanced configuration?, because if you use vlan or a different interface than lan the chances are the gl ui is unaware of its clients, typical in most of gl scripts they only reference br-lan and guest, with iptables they sometimes use br-+ but with the nfttables that wildcard probably broke too, that about br-+ i only saw in a few scripts, you can try setting it to br-lan to test, br-lan.1 can already create issues

A other possibility is that it just doesn’t work in AP mode per design.

slesar · January 3, 2024, 10:15pm

Or adguard home to block YouTube services (latest version)
Or hostname in router YouTube.com 127.0.0.1

Ido · January 4, 2024, 9:00am

Tried to flush windows dns and clear my browser. Still no blocking.
Also not using any special things in my Router.
Using Adguard will block it for all devices, not only for one, correct?

Wonder if if this option is working for other people. Also wondering if I can lookup the Parental control config within the LUCI interface.

admon · January 4, 2024, 9:03am

Please paste the output of both commands:

ipconfig /all

nslookup youtube.com

Ido · January 4, 2024, 9:19am

ipconfig /all

Wireless LAN adapter Wi-Fi:

   Connection-specific DNS Suffix  . : lan
   Description . . . . . . . . . . . : Intel(R) Wi-Fi 6 AX200 160MHz
   Physical Address. . . . . . . . . : 4C-79-6E-FE-AC-6D
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::a420:79a9:1c89:ff62%21(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.158(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Tuesday, 2 January 2024 12:42:21
   Lease Expires . . . . . . . . . . : Thursday, 4 January 2024 21:38:29
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 256670062
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-28-87-25-1F-4C-79-6E-FE-AC-6D
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

nslookup youtube.com

Server:  console.gl-inet.com
Address:  192.168.1.1

Non-authoritative answer:
Name:    youtube.com
Addresses:  2a00:1450:400e:802::200e
          216.58.208.110

Ido-laptop (self)
192.168.1.158
4C:79:6E:FE:AC:6D

admon · January 4, 2024, 9:22am

Do you use Adguard Home?

Ido · January 4, 2024, 9:27am

Nope, I must have tried it at some point, but turned it off again.

admon · January 4, 2024, 9:35am

Hm, just tried it. The parental control works for me, but not on Brave (Google Chrome).
It works only in Microsoft Edge.

Please don’t ask me why, I guess because of some Google magic.
Parental block does not seem to work via DNS - even if I thought so.

How important is it for you to use parental block?
What is the ultimate goal at the end? Protecting children or some other reason?

Ido · January 4, 2024, 9:46am

Preventing my son going on youtube
I now blocked all internet access on the windows laptop.

admon · January 4, 2024, 9:54am

If you don’t need VPN policies you should go with AdGuard Home instead. Make sure to enable AdGuard Home Handle Client Requests in GL GUI so you can configure each client individually in AGH.

In AGH you can choose Settings > Client Settings to block services just for some clients. Should be more reliable than Parental Block.

slesar · January 4, 2024, 11:01am

You can block specific mac address or IP to block filters.

Ido · January 5, 2024, 5:41pm

Thanks, will try this