User Tools

Site Tools


docs:guide-user:firewall:fw3_configurations:fw3_parent_controls

Parental controls

Parental control of internet access can be done in several ways:

  • Timely restriction of internet access per IP/MAC.
  • Restrict / deny / block access to certain web pages.

Block access to certain web pages

There are many ways to block access to unwanted websites, many of them void the DNS lookup so, for example, www.youtube.com does not generate the desired IP address. These can be foiled quite easily by using another internet site to lookup the IP address for the site and bypassing DNS altogether. The adblock package seems to do this. The most reliable mechanism to block access to a public site is fw3 rule to block a site.

Timely restriction of internet access

Example: Block internet access for a certain MAC address / IP address on weekdays during 21:30-07:00

Web interface

First, make sure that your router has the right time and the right timezone.

  1. Network → Firewall → Traffic Rules → New forward rule
  2. Add name for your rule, e.g. “Kids weeksdays”, “Kids weekend”
  3. Source zone: lan
  4. Destination zone: wan
  5. Click Add and edit
  6. Select Source MAC address or Source address
  7. Set Action to be Reject
  8. Select weekdays
  9. Select start/stop time
  10. Save&apply

Timely restriction of internet access via LuCI

More detailed explanations in French: step-by-step explanations with screenshots

NB: If your focus is on authorised timeslots, you can create a rule that always rejects, and add a few rules that accept for the authorised timeslots. Order the rules so as to bring Accept rules before the Reject rule.

NB: The stop time will stop kids from creating a new connection e.g. to browse one more page on Wikipedia. It will not kick out your kids if they have an existing connection e.g. in an Android game app. To enforce the stop time, you need something extra. Consider the script below, starting with cat.

NB: If you have e.g. a Guest network, this rule won't restrict your kid if/when they connect to the Guest network.

Command-line interface

Add a new firewall rule. Edit the following example code block to suit your needs and then copy-paste it into the terminal. Check for errors the service restart output!

uci add firewall rule
uci set firewall.@rule[-1].name="Kids weekdays"
uci set firewall.@rule[-1].src="lan"
uci set firewall.@rule[-1].src_mac="78:BB:AA:3A:88:14"
uci set firewall.@rule[-1].dest="wan"
uci set firewall.@rule[-1].start_time="21:30:00"
uci set firewall.@rule[-1].stop_time="07:00:00"
uci set firewall.@rule[-1].weekdays="Mon Tue Wed Thu Fri"
uci set firewall.@rule[-1].utc_time="0"
uci set firewall.@rule[-1].target="REJECT"
uci commit firewall
/etc/init.d/firewall restart

Once the time is reached, the default rule order prevents closing already established connections. The rules should be reordered to resolve the issue.

cat << "EOF" > /etc/firewall.estab
for IPT in iptables ip6tables
do
${IPT}-save -c -t filter \
| sed -e "/FORWARD.*ESTABLISHED/d;
/FORWARD.*reject/i $(${IPT}-save -c -t filter \
| sed -n -e "/FORWARD.*ESTABLISHED/p")" \
| ${IPT}-restore -c -T filter
done
EOF
 
uci -q delete firewall.estab
uci set firewall.estab="include"
uci set firewall.estab.path="/etc/firewall.estab"
uci set firewall.estab.reload="1"
uci commit firewall
/etc/init.d/firewall restart
This website uses cookies. By using the website, you agree with storing cookies on your computer. Also you acknowledge that you have read and understand our Privacy Policy. If you do not agree leave the website.More information about cookies
docs/guide-user/firewall/fw3_configurations/fw3_parent_controls.txt · Last modified: 2019/10/30 17:59 by wastuplu