search

juanfranblanco / rt-n56u

Automatically exported from code.google.com/p/rt-n56u
0 stars 0 forks source link

Feature request for Parental control #85

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
Is it possible to add MAC Filter on time of day and day of the week basis?
Example: Restrict internet from Child's computer from 12:00 - 5:00 AM Monday to 
Friday.

Original issue reported on code.google.com by sul.sull...@gmail.com on 5 Feb 2012 at 8:37

GoogleCodeExporter commented 9 years ago 
Hi, yes it is. But, you need to use usb disk at the moment.

So, you need to add custom rules to /opt/etc/init.d/S10iptables
(see wiki page to learn how to edit scripts)

add to start function:

iptables -I FORWARD 1 -j REJECT -i br0 -o eth3 -m mac \
    --mac-source 1c:4b:d6:76:a4:b1 -m time \
    --timestart 00:00:00 --timestop 5:00:00 \
    --days Mon,Tue,Wed,Thu,Fri

to stop function:
iptables -D FORWARD 1 -m mac \
    --mac-source 1c:4b:d6:76:a4:b1 -m time \
    --timestart 00:00:00 --timestop 5:00:00 \
    --days Mon,Tue,Wed,Thu,Fri

Change mac address (--mac-source 1c:4b:d6:76:a4:b1) to mac of your child's 
machine.
Sorry, I'm also not sure about the time ) I mean am/pm...
If need another time period, then devide it into parts and write several rules.

Original comment by d...@soulblader.com on 5 Feb 2012 at 11:17

GoogleCodeExporter commented 9 years ago 
Thank you. Much appreciated. I had assumed the router would have it as standard 
from Asus.

Original comment by sul.sull...@gmail.com on 5 Feb 2012 at 7:41

GoogleCodeExporter commented 9 years ago 
It has :) But it doesn't work. I think it will be fixed later.

Original comment by d...@soulblader.com on 5 Feb 2012 at 9:35

GoogleCodeExporter commented 9 years ago 
Sorry I meant in the GUI for IP table illiterate people like me.

Original comment by sul.sull...@gmail.com on 6 Feb 2012 at 7:31

GoogleCodeExporter commented 9 years ago 
I meant from Asus not you. I am more than happy with your alternative thank you 
again.

Original comment by sul.sull...@gmail.com on 6 Feb 2012 at 12:09

GoogleCodeExporter commented 9 years ago 
Hello! I think I understood you correctly... =)
I mean here is a tool from asus http://my.router/Advanced_Firewall_Content.asp 
which doesn't work proper way.
I think it is possible to make this tool work. It should be changed a little...

Original comment by d...@soulblader.com on 6 Feb 2012 at 1:57

GoogleCodeExporter commented 9 years ago 
Hi, 
would you know how to change these rules so you can allow computers to access 
the net at certain times but have the default rule to reject web access. Unless 
you have created a rule to grant access. What I want to do is create a rule for 
each computer in my LAN to have web access at certain times but no access to 
computers outside of those ones I have specified.
Thanks

Original comment by mcgi0035...@gmail.com on 19 Mar 2012 at 2:50

GoogleCodeExporter commented 9 years ago 
Hello,

Add the following lines to /opt/etc/init.d/S10iptables:

...

wan_iface="`nvram get wan_ifname`"

case "$1" in
start|update)
       # These two lines block packets between internet and local hosts
       iptables -I FORWARD 1 -i br0 -o ${wan_iface} -j DROP
       iptables -I FORWARD 1 -i ${wan_iface} -o br0 -j DROP

...

If you want to grant access, then change -j REJECT to -j ACCEPT in the rules 
above.

Original comment by d...@soulblader.com on 19 Mar 2012 at 8:38

GoogleCodeExporter commented 9 years ago 
Thanks for the reply.
Could I also grant access to each mac using "iptables -I FORWARD 3 -j ACCEPT -i 
br0 -o eth3 -m mac --mac-source 00:14:85:13:8A:20 -m time --timestart 00:00:00 
--timestop 23:59:59 --days Mon,Tue,Wed,Thu,Fri,Sat,Sun" and then set the 
default forward policy with "iptables -P FORWARD DROP" or would that cause 
issues.

Original comment by mcgi0035...@gmail.com on 20 Mar 2012 at 6:44

GoogleCodeExporter commented 9 years ago 
I think this can also drop packets between machins in the local network.
Sorry, there is a small mistake. It should be:

an_iface="`nvram get wan_ifname_t`"

Original comment by d...@soulblader.com on 21 Mar 2012 at 1:12

GoogleCodeExporter commented 9 years ago 
I have attached part of my iptables rule file. If I understood you correctly 
this should work. Sorry for so many questions.

Original comment by mcgi0035...@gmail.com on 21 Mar 2012 at 5:48

Attachments:

GoogleCodeExporter commented 9 years ago 
No it won't work. You should first drop all packets. and then grant access to 
some.
The last two lines in 'start' function should be in the begining of it.

Original comment by d...@soulblader.com on 22 Mar 2012 at 10:16

GoogleCodeExporter commented 9 years ago 
Love the new interface. Can you please add parental control options?

Original comment by i...@staroversky.com on 4 Jul 2012 at 2:23

GoogleCodeExporter commented 9 years ago 
Any update about adding a visual parental control option with time limits, 
website blocking and mac addresses?

Original comment by i...@staroversky.com on 7 Aug 2012 at 6:31

GoogleCodeExporter commented 9 years ago 
Would love to see parental control option added to gui.

Original comment by darinpfe...@gmail.com on 13 Nov 2012 at 8:48

GoogleCodeExporter commented 9 years ago

Original comment by andy.pad...@gmail.com on 10 Dec 2012 at 1:09