How to: Block Youtube on iPad for kids

Discussion in 'Tomato Firmware' started by Gustep, Apr 13, 2018.


Would you like a feature to limit your kid's Youtube watching on your LAN?

  1. Yes, for specific IP addresses on my LAN

    0 vote(s)
  2. Yes, with a daily bandwith allotment for Youtube

    0 vote(s)
  3. Yes, during specific times of day

    0 vote(s)
  4. Yes, but in a stealthy way: slow it down so it constantly buffers (unwatchable)

    0 vote(s)
  5. All of the above, please!!

  6. Whatever works - anything is better than nothing!!

Multiple votes are allowed.
  1. Gustep

    Gustep Addicted to LI Member

    I have a non-technically inclined 8 year old that spends a bit too much time watching Youtube junk on the iPad. I would like to block youtube for that device (which has a reserved, specific IP via DHCP), or slow it down to the point of non-usability after, say, 5 minutes, but still want to provide internet access for other apps on that iPad, like LINE.

    How can I do this in the Tomato firmware?

    I read a suggestion that I should intercept the DNS request for youtube and block it (under Advanced: DHCP/DNS), but could someone perhaps give an example? Lots of parents have this issue, you will be appreciated!

    Note: This isn't meant to be rock-solid solution which stops determined and tech-savvy users. It's only meant to stop an 8-year old. Anyone who figures out a circumvention probably earned their right to watch Youtube...

  2. Sean B.

    Sean B. LI Guru Member

    Put this in the custom config box under Advanced->DHCP/dns:

    This will point DNS queries for and any of its sub-domains (, etc ) to the loopback IP address. This will affect all clients that receive DNS query responses from the router. If you need to single out the one ipad only, or have some sort of simple on/off control for it, give me a detailed description of the requirements and I'll write a custom script if possible.
  3. Gustep

    Gustep Addicted to LI Member

    Thank you, this works acceptably for now. Yes, ideally I would like this to only apply to a specific IP address, say, but since I couldn't figure out how to do that, I used that command on a Tomato router that's exclusively providing wifi to guests and and kids - so a blanket youtube block on that device is ok for now.

    How difficult would it be to make this command applicable to specific IP's only?
  4. eibgrad

    eibgrad Network Guru Member

    Might want to take a look at the following script I threw together over the past few days. It works w/ DNS too, but uses a different strategy based on ipset.

    You add ipset directives to DNSMasq that specify the domain names you want to block. You then modify the script to include those clients you want to deny access to those domains, based on their source IP and/or MAC address.

    While the address directive is helpful, it just can't handle anything on a per client basis. It's all or nothing. But using ipset, we can create firewall rules that examine the contents of the ipset hash table (which is updated by DNS each time the relevant domain names are queried) to see if there's a match on the destination IP for specific clients. If so, the client is blocked from that domain.
  5. Sean B.

    Sean B. LI Guru Member

    Do iPads have hosts files? That would be the easiest way to single out that device. Simply put an entry into the hosts file resolving as a host at . That is, if Apple didn't replace host files with some form of proprietary nonsense. This would also be effective no matter what internet connection the iPad is connected to, which may be a plus given your goal.
  6. koitsu

    koitsu Network Guru Member

    iPads run their own version of iOS, which is BSD-based -- so yes, they have an equivalent of /etc/hosts somewhere on the system. The limiting factor is that there's no way to manage such files/things on an iPad. :) Using the local LAN's DNS server (ex. dnsmasq) to accomplish the goal is a better way.
    Monk E. Boy and Sean B. like this.
  7. fefrie

    fefrie Networkin' Nut Member

    I'll assume that your kid is addicted to Youtube and nothing else. And that he doesn't stream anything else.

    So you can put his IP address into QOS Rule one [IPIpad] 80 443 traffic 0-1024kb Class one (Fastest) Rule two 1024- Class two (slowest)

    So the fastest class has the fastest speed allotted to it, and the slowest class after 1mb goes into the crawl class that's capped at an extremely low value. Surfing will be normal, but streaming will be extremely slow.

    Or if you want to go super simple, just use bandwidth limiter and cap the kid's speed at 1mbps.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice