November 23, 2018
Kids are no strangers to the internet, and there is growing interest in finding ways to protect them from some of the content out there. Luckily, there are some basic configurations you can use on MikroTik to assist you. Though this is not a foolproof way of blocking content, it is quick and easy and will certainly improve the level of control you have over the type of content that can be accessed via your home router.
DNS Blocking
One of the easiest ways to facilitate a safer browsing experience is to simply use a public DNS service, such as OpenDNS, that already maintains large blacklists of domains. Adding this as your DNS server and redirecting all DNS queries to the router itself will already make a big difference.
/ip dns
set allow-remote-requests=yes servers=208.67.222.123,208.67.220.123
/ip firewall nat
add action=redirect chain=dstnat comment="Redirect DNS" dst-port=53 protocol=udp
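A tightened variant of the router-wide redirect above, added here as an example (not from the original post): it limits the redirect to LAN traffic, also catches DNS over TCP, and stops the router from answering DNS queries that arrive on the WAN side now that allow-remote-requests=yes is set. The interface names bridge (LAN) and ether1 (WAN) are assumptions; substitute your own.

```routeros
# Added example. Assumed interface names: bridge = LAN, ether1 = WAN.
/ip dns
set allow-remote-requests=yes servers=208.67.222.123,208.67.220.123

/ip firewall nat
# Redirect only queries that enter from the LAN; without in-interface the
# rule matches port 53 traffic arriving on every interface.
add action=redirect chain=dstnat comment="Redirect DNS (UDP)" dst-port=53 in-interface=bridge protocol=udp
# DNS falls back to TCP for large answers, so redirect TCP port 53 as well.
add action=redirect chain=dstnat comment="Redirect DNS (TCP)" dst-port=53 in-interface=bridge protocol=tcp

/ip firewall filter
# allow-remote-requests=yes makes the router answer DNS on all interfaces;
# drop queries that reach the router itself from the WAN.
add action=drop chain=input comment="Drop WAN DNS (UDP)" dst-port=53 in-interface=ether1 protocol=udp
add action=drop chain=input comment="Drop WAN DNS (TCP)" dst-port=53 in-interface=ether1 protocol=tcp
```

Rules created with add are appended to the end of their chain, so move the drop rules above any existing input rule that would accept that traffic.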
If you do not wish to use a public DNS service for all the client devices on your network, you can specify which devices should use it, via address lists or MAC address:
Address List:
/ip firewall nat
add action=dst-nat chain=dstnat dst-port=53 protocol=udp src-address-list=Parental-Control-List-IPs to-addresses=208.67.222.123
MAC Address:
/ip firewall nat
add action=dst-nat chain=dstnat dst-port=53 in-interface=X protocol=udp src-mac-address=XX:XX:XX:XX:XX:XX to-addresses=208.67.222.123
YouTube Restricted Mode
You can add static entries to MikroTik's DNS configuration to force restricted mode:
/ip dns static
add address=216.239.38.119 name=www.youtube.com
add address=216.239.38.119 name=youtubei.googleapis.com
add address=216.239.38.119 name=youtube.googleapis.com
add address=216.239.38.119 name=www.youtube-nocookie.com
add address=216.239.38.119 name=m.youtube.com
Kid-Control
It is possible to apply schedules to specific users and their devices. You will also be able to apply rate limits and pause access on the fly if necessary. In the example below, access is restricted to SUN, TUE, THU & FRI with a permanent rate limit of 3 Mbps:
/ip kid-control
add fri="" mon="" name=Tim rate-limit=3M sat=18h30m-22h sun=15h-21h thu=0s-1d time-rate-limited=0s-0s tue=0s-1d wed=""
/ip kid-control device
add mac-address=XX:XX:XX:XX:XX:XX name="Tim's Phone" user=Tim
You can verify that it is working: dynamic entries are created in the firewall and queue menus while it is in use.
It is not necessary to worry about complex scripting or resource capacity on your router. Although the above tools are very basic, they are very effective and can be implemented in minutes.