Parental controls
Parental control of internet access can be done in several ways:
- Time-based restriction of internet access per IP/MAC.
- Restrict / deny / block access to certain web pages.
Block access to certain web pages
There are many ways to block access to unwanted websites. Many of them break the DNS lookup so that, for example, www.youtube.com does not resolve to its real IP address.
These can be foiled quite easily by using another internet site to look up the IP address of the site, bypassing DNS altogether.
The adblock package seems to use this DNS-based approach. The most reliable mechanism to block access to a public site is an fw3 rule to block a site.
Time-based restriction of internet access
Example: Block internet access for a certain MAC address / IP address on weekdays during 21:30-07:00
Web interface
First, make sure that your router has the right time and the right timezone.
- Network → Firewall → Traffic Rules → New forward rule
- Add a name for your rule, e.g. “Kids weekdays”, “Kids weekend”
- Source zone: lan
- Destination zone: wan
- Click Add and edit
- Select Source MAC address or Source address
- Set Action to be Reject
- Select weekdays
- Select start/stop time
- Save & Apply
More detailed explanations in French: step-by-step explanations with screenshots
NB: If your focus is on authorised timeslots, you can create a rule that always rejects, and add a few rules that accept for the authorised timeslots. Order the rules so as to bring Accept rules before the Reject rule.
Command-line interface
Add a new firewall rule. Edit the following example code block to suit your needs, then copy-paste it into the terminal. Check the service restart output for errors!

```
# Create a new traffic rule and fill in its options
uci add firewall rule
uci set firewall.@rule[-1].name="Kids weekdays"
uci set firewall.@rule[-1].src="lan"
uci set firewall.@rule[-1].src_mac="78:BB:AA:3A:88:14"
uci set firewall.@rule[-1].dest="wan"
# Time window during which the rule is active (router local time, see utc_time)
uci set firewall.@rule[-1].start_time="21:30:00"
uci set firewall.@rule[-1].stop_time="07:00:00"
uci set firewall.@rule[-1].weekdays="Mon Tue Wed Thu Fri"
uci set firewall.@rule[-1].utc_time="0"
uci set firewall.@rule[-1].target="REJECT"
# Save the configuration and apply it
uci commit firewall
/etc/init.d/firewall restart
```
Once the start time is reached, connections that are already established are not closed, because of the default rule order. Reorder the rules to resolve the issue.

```
# Write a firewall include script that moves the FORWARD rule accepting
# ESTABLISHED traffic to just before the final FORWARD reject rule
cat << "EOF" > /etc/firewall.estab
for IPT in iptables ip6tables
do ${IPT}-save -c -t filter \
| sed -e "/FORWARD.*ESTABLISHED/d; /FORWARD.*reject/i $(${IPT}-save -c -t filter \
| sed -n -e "/FORWARD.*ESTABLISHED/p")" \
| ${IPT}-restore -c -T filter
done
EOF
# Register the script as a firewall include that is re-run on every reload
uci -q delete firewall.estab
uci set firewall.estab="include"
uci set firewall.estab.path="/etc/firewall.estab"
uci set firewall.estab.reload="1"
uci commit firewall
/etc/init.d/firewall restart
```
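To confirm that the reordering took effect, the following added example (not part of the original page) reads `iptables-save -t filter` output and reports whether the FORWARD chain accepts ESTABLISHED traffic before or after the jump to the lan zone chain. The function name, the `zone_lan_forward` chain name and the two sample rule dumps are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page). Reads `iptables-save -t filter`
# text on stdin and reports whether FORWARD accepts ESTABLISHED traffic before
# or after jumping to the lan zone chain, where the time-based rule is evaluated.
# The chain name zone_lan_forward is an assumption (fw3 naming for zone "lan").
check_forward_order() {
    awk -v zone="${1:-zone_lan_forward}" '
        /^(\[[0-9]+:[0-9]+\] )?-A FORWARD / {
            n++
            if (!estab && /ESTABLISHED/ && /-j ACCEPT/) estab = n
            if (!jump && $0 ~ ("-j " zone "$")) jump = n
        }
        END {
            if (!estab || !jump) { print "missing"; exit 2 }
            if (estab < jump)    { print "default"; exit 1 }
            print "reordered"
        }'
}

# Constructed sample: FORWARD chain in the default order.
sample_default() {
    cat << "EOF"
*filter
:FORWARD DROP [0:0]
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i br-lan -j zone_lan_forward
-A FORWARD -i eth1 -j zone_wan_forward
-A FORWARD -j reject
COMMIT
EOF
}

# Constructed sample: the same chain after the include script has run.
sample_reordered() {
    cat << "EOF"
*filter
:FORWARD DROP [0:0]
-A FORWARD -i br-lan -j zone_lan_forward
-A FORWARD -i eth1 -j zone_wan_forward
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -j reject
COMMIT
EOF
}

sample_default   | check_forward_order || true   # prints: default
sample_reordered | check_forward_order           # prints: reordered
```

On the router, run `iptables-save -t filter | check_forward_order` and repeat with `ip6tables-save`; a result of `default` after a firewall restart means the include did not run.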
