Hello all,
I am looking to be able to do the following: At the touch of a button I would like to block clients on my LAN from accessing a set of external hosts and just as easily reverse this when needed. The use case is a teenaged son who is spending time on Snapchat and Instagram rather than doing homework. Ideally the solution would affect only his devices but this is not completely necessary as he is the only one in the house who uses the services to be blocked anyway.
I have an idea of how to do it but would like to hear from others if there may be an easier/better way, or a even just a better way to implement my idea.
BTW sorry in advance for the length of this post - I hope some of you stay to the end!
Just to get it out of the way: My router (ASUS RT-AC5300 running Asuswrt-Merlin 384.12) offers AiProtection parental controls, but they are too coarse grained for my needs. It isn't clear what "instant messaging" this tool blocks and I don't want to block all such services since he does ocassionally need to use un-hip ones like WhatsApp for getting homework details. So I really just want to block the worst offending ones I mentioned above.
Anyway, a sketch of my idea is as follows:
My biggest concern is that I want to avoid too many frequent writes to jffs to maximise the lifetime of the flash memory but am not sure how much of a hit switching the symbollic link will be. Is this something I should be concerned about or is this question not worth my time? Is there any filesystem trickery available that I could use to avoid any flash memory writes whatsoever?
Besides the question about flash memory, can anyone spot any other ways this idea could be improved or if there is simply an easier way that I don't know about? I am new to Asuswrt-Merlin (I've only had the router a few days and only flashed Asuswrt-Merlin yesterday) so I think it is entirely possilble that there is a better way that I just don't know about.
Thanks in advance and thanks for anyone who read to the end!
LMeek
P.S. You may think the easiest solution is just to take my son's devices away, but 99% of homework kids are given these days is computer-based, so unfortunately he needs his devices and the Internet to do the homework. My goal is to temporarily remove other temptations available to him on the device when he doesn't have the willpower to do it himself.
I am looking to be able to do the following: At the touch of a button I would like to block clients on my LAN from accessing a set of external hosts and just as easily reverse this when needed. The use case is a teenaged son who is spending time on Snapchat and Instagram rather than doing homework. Ideally the solution would affect only his devices but this is not completely necessary as he is the only one in the house who uses the services to be blocked anyway.
I have an idea of how to do it but would like to hear from others if there may be an easier/better way, or a even just a better way to implement my idea.
BTW sorry in advance for the length of this post - I hope some of you stay to the end!
Just to get it out of the way: My router (ASUS RT-AC5300 running Asuswrt-Merlin 384.12) offers AiProtection parental controls, but they are too coarse grained for my needs. It isn't clear what "instant messaging" this tool blocks and I don't want to block all such services since he does ocassionally need to use un-hip ones like WhatsApp for getting homework details. So I really just want to block the worst offending ones I mentioned above.
Anyway, a sketch of my idea is as follows:
- Create two dnsmasq conf files, one containing my usual conf and a second containing my usual conf plus lines mapping all Instragram and Snapshat hostnames to 0.0.0.0 (say dnsmasq.conf.reg & dnsmasq.conf.noinstagram)
- Create a symbolic link /jffs/configs/dnsmasq.conf.add pointing by default to dnsmasq.conf.reg
- Implement a little REST API on a Raspberry Pi with one command to block the offending hosts and another to restore them. Under the hood the API will just send ssh commands to the router to switch the symbolic link and restart dnsmasq.
- On my Android phone I can use Macrodroid to build a simple "app" with two buttons that trigger the two API calls.
My biggest concern is that I want to avoid too many frequent writes to jffs to maximise the lifetime of the flash memory but am not sure how much of a hit switching the symbollic link will be. Is this something I should be concerned about or is this question not worth my time? Is there any filesystem trickery available that I could use to avoid any flash memory writes whatsoever?
Besides the question about flash memory, can anyone spot any other ways this idea could be improved or if there is simply an easier way that I don't know about? I am new to Asuswrt-Merlin (I've only had the router a few days and only flashed Asuswrt-Merlin yesterday) so I think it is entirely possilble that there is a better way that I just don't know about.
Thanks in advance and thanks for anyone who read to the end!
LMeek
P.S. You may think the easiest solution is just to take my son's devices away, but 99% of homework kids are given these days is computer-based, so unfortunately he needs his devices and the Internet to do the homework. My goal is to temporarily remove other temptations available to him on the device when he doesn't have the willpower to do it himself
.
