Parental controls on Linux Mint 21.3 can be implemented in several effective ways, from simple DNS-based filtering to more granular local rules. Below are three practical approaches, including quick-start options and more advanced configurations.
1. Using OpenDNS (FamilyShield or OpenDNS Home)
One of the easiest ways to filter web content is to switch your DNS to OpenDNS. This filters requests at the network level, helping block adult or inappropriate sites before they load.
- Open Network Settings in Linux Mint.
- Select your active connection (Wired or Wi‑Fi), click the gear icon, then under the IPv4 tab set DNS to:
- 208.67.222.123 and 208.67.220.123 (OpenDNS FamilyShield – preconfigured to block adult content; no account required).
- Optionally, for customizable filtering categories, use 208.67.222.222 and 208.67.220.220 (OpenDNS Home). Create a free account and adjust filters in the dashboard.
- OpenDNS FamilyShield info: Cisco/OpenDNS FamilyShield guide
- OpenDNS Home setup: OpenDNS Home getting started
- Click Save and reconnect your network. Verify filtering at welcome.opendns.com.
- Tip: For whole‑home protection, set the DNS on your router so all devices use OpenDNS automatically.
Note: Browsers with DNS-over-HTTPS (DoH) can bypass DNS filters. Consider disabling DoH in each browser (see: Mozilla’s DoH FAQ) or enforce filtering at the router.
2. Setting Up DNS Filtering with dnsmasq
For more control on a single machine or small network, run a local DNS resolver with dnsmasq
. You can combine upstream filtering (e.g., OpenDNS) with your own block rules and even enforce SafeSearch.
- Install:
sudo apt update && sudo apt install dnsmasq
- Create a config snippet (recommended):
sudo nano /etc/dnsmasq.d/parental.conf
, then add lines such as:# Use OpenDNS FamilyShield upstream server=208.67.222.123 server=208.67.220.123 # Block specific domains (and all subdomains) address=/example.com/0.0.0.0 address=/badsite.net/0.0.0.0 # Optional: enforce Google SafeSearch cname=www.google.com,forcesafesearch.google.com cname=google.com,forcesafesearch.google.com
- Enable and start the service:
sudo systemctl enable --now dnsmasq
- Point your connection to the local resolver so traffic flows through dnsmasq:
- In Network Settings > your connection > IPv4, set DNS to 127.0.0.1 and save.
- Test resolution and blocking:
dig example.com
(should return 0.0.0.0)systemctl status dnsmasq
(ensure it’s running)
Troubleshooting: If dnsmasq won’t start due to “address already in use,” another DNS service may be listening on port 53. Stop or reconfigure it before starting dnsmasq. For deeper reference, see the dnsmasq overview on the Arch Wiki.
3. Blocking Websites with /etc/hosts
For quick, local-only blocking, edit the /etc/hosts
file. This is lightweight but less flexible than DNS filtering.
- Open the file:
sudo nano /etc/hosts
- Add entries for each site (include common subdomains):
0.0.0.0 example.com 0.0.0.0 www.example.com
- Save, then flush the DNS cache if applicable:
sudo resolvectl flush-caches
(systemd‑resolved)
Limitations: The hosts file blocks only the exact hostnames you list and can be bypassed. It’s best for simple, per‑device rules.
Conclusion
Linux Mint 21.3 provides multiple paths to parental controls. For a quick start, use OpenDNS FamilyShield. For customizable filters, use OpenDNS Home or run your own dnsmasq
with tailored rules. For one‑off blocks, /etc/hosts
works in a pinch. Wherever possible, apply DNS filtering at the router for whole‑home coverage, and consider disabling DNS‑over‑HTTPS in browsers to prevent circumvention.