How-to: Force Safesearch + Parental controls but NOT youtube

Want to share your OpenWrt / Gargoyle knowledge? Implemented a new feature? Let us know here.

Moderator: Moderators

Post Reply
NorfantsPete
Posts: 4
Joined: Thu Jan 16, 2020 4:13 am

How-to: Force Safesearch + Parental controls but NOT youtube

Post by NorfantsPete »

Locking down Gargoyle for parental controls and Safesearch
Hi All
I notice there is no how-to for safesearch and parental control on gargoyle, nor is there an option for this with OpenDNS who supply this with their enterprise product but not their free tiers. Support say ‘its not possible’ yet other DNS providers such as comodo and AdGuard do, albeit a blnket sledgehammer to all sites.
As the kids moan to me, Dad I can only see babyish videos on youtube, but at the same time I don’t want unsafe googling or image searching (on incident of ‘poo poo’ being searched resulted in one shocked kid when a fetish site threw up an image!) I need a more granular solution.
Firstly, Im glad Gargoyle forces DNS, this was a challenge for me on DD-WRT – I had to add the following lines to DNS MASQ to force the dns through:
no-resolv
server=208.67.222.222
server=208.67.220.220
strict-order

This forced open dns to be used in all cases, even if they tried to change their dns settings, there was also a line on the firewall to drop dns queries:
iptables -t nat -A PREROUTING -i br0 -p udp --dport 53 -j DNAT --to $(nvram get lan_ipaddr)
iptables -t nat -A PREROUTING -i br0 -p tcp --dport 53 -j DNAT --to $(nvram get lan_ipaddr)

I also stuck in this line to the firewall to limit socks proxy circumventing
iptables -I FORWARD -p tcp --dport 1080 -j DROP

Now, the clients themselves if android, use a mix of Google Family link (prevents temp profiles being set up to avoid content controls and gives pinpoint accuracy to location – great when the lad took a bespoke ‘day off’ and went into town!) and Qustudio (manages the content and gives live stats when kids are in the loo with their mobile!)
HINT: Qustudio for Windows is pretty bullet proof too, if needs be set up a new device with a new email address as its only free for one device. Also, hide the icon so kids don’t start to google how to avoid it.
Ok so you’ve set up OpenDNS and set all your filtering rules, checked the logs for anything you need to manually block, and dns is being forced, but what about SafeSearch? Kids can still google adult material and go to image search for illicit content (by accident or otherwise).
To activate this is slightly more complex for the newbie, but gurus will find this a breeze. It’s also not documented anywhere I can find and works in the latest versions. Ill go with the easiest method:
(please see attachment as this site wont let me mention google!)

>Got to attachment method 1

Done – you’ll now see youtube is not blocked but Google is now safe searching and your content is controlled and safe for kids to use.

If you DO want to safesearch youtube for very young kids and don’t want to use youtube4kids (which is terrible) just stick in another few lines:

>Got to attachment method 2

Hope that helps!
Last edited by NorfantsPete on Thu Jan 16, 2020 8:25 am, edited 1 time in total.

Lantis
Moderator
Posts: 5388
Joined: Mon Jan 05, 2015 5:33 am
Location: Australia

Re: How-to: Force Safesearch + Parental controls but NOT youtube

Post by Lantis »

Hi, thanks for taking the time to post this.
Unfortunately, the board does not allow any fresh attachments (due to space restrictions).

Feel free to post a link (maybe switch the dots for the word DOT) and i'll edit your post to fix them for you.

Once you've been around the forum for a little while and posted a few times, you'll be free to post as a full user.
http://lantisproject.com/downloads/gargoyle_ispyisail.php for the latest releases
Please be respectful when posting. I do this in my free time on a volunteer basis.

NorfantsPete
Posts: 4
Joined: Thu Jan 16, 2020 4:13 am

Re: How-to: Force Safesearch + Parental controls but NOT youtube

Post by NorfantsPete »

Ah ok, ill host the attachments and link here

Attachment 1:
Image

Attachment 2:
Image

Cheers

Post Reply