What's new

Parental Controls Question

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Albino_Mexican

New Around Here
I have implemented time based Parental Controls for specific devices on my network which works really well. The problem is that if I use the Asus Router app to disable/re-enable internet access for one of those devices, the time schedule gets erased and I have to re-schedule that device's access. Is this normal? (confirmed on rt-n66u & rt-ac68u running 380.65_2 and earlier versions)
 
Yep. Just checked and mine were erased as well. Won't be using the iPhone app for that again.


Sent from my iPhone using Tapatalk Pro
 
This also happens to me but when doing it in the router through a browser. Quite annoying. Hopefully it would be possible to stop this happening in a future update, I suppose only @RMerlin can answer if it is possible to do this or not.
Failing this I'm wondering if it possible to create a script for time scheduling, that would keep the settings after a block and unblock of internet?


Sent from my iPhone using Tapatalk
 
Yes you can! The first script drops WAN connections. The second one removes the rules you created with the first script and allow WAN connections. If you run the first script when the device already has a valid WAN connection, you will get an error that it can’t find matching rules.

Code:
#!/bin/sh
echo "********************PC-Lab_off script run START at `date`" >> /var/log/cronlog
# Block an incoming connection from PC Lab
iptables -I FORWARD -s 192.168.2.218 -j DROP
# Validate it worked!
iptables -L FORWARD | grep DROP >> /tmp/cron.d/cronlog
echo "********************PC-Lab_off script END run at `date`" >> /var/log/cronlog

Code:
#!/bin/sh
echo "********************PC-Lab_on script run START at `date`" >> /var/log/cronlog
# drop rule that blocked an incoming connection from PC Lab
iptables -D FORWARD -s 192.168.2.218 -j DROP
# Validate it worked!
iptables -L FORWARD >> /tmp/cron.d/cronlog
echo "********************PC-Lab_on script END run at `date`" >> /var/log/cronlog

Place this in the cron job per example below
Code:
0 7 * * 1,2,3,4,5 /jffs/scripts/PC-Lab_on  # turns on WAN connection at 7AM Mon to Fri
30 20 * * 1,2,3,4,5 /jffs/scripts/PC-Lab_off  # turns off WAN connection at 8:30 PM Mon to Fri
0 9 * * 6 /jffs/scripts/PC-Lab_on  # turns on WAN connection at 9AM on Sat
1 16 * * 6 /jffs/scripts/PC-Lab_off  # turns off WAN connection at 4:01pm on Sat
 
Yes you can! The first script drops WAN connections. The second one removes the rules you created with the first script and allow WAN connections. If you run the first script when the device already has a valid WAN connection, you will get an error that it can’t find matching rules.

Code:
#!/bin/sh
echo "********************PC-Lab_off script run START at `date`" >> /var/log/cronlog
# Block an incoming connection from PC Lab
iptables -I FORWARD -s 192.168.2.218 -j DROP
# Validate it worked!
iptables -L FORWARD | grep DROP >> /tmp/cron.d/cronlog
echo "********************PC-Lab_off script END run at `date`" >> /var/log/cronlog

Code:
#!/bin/sh
echo "********************PC-Lab_on script run START at `date`" >> /var/log/cronlog
# drop rule that blocked an incoming connection from PC Lab
iptables -D FORWARD -s 192.168.2.218 -j DROP
# Validate it worked!
iptables -L FORWARD >> /tmp/cron.d/cronlog
echo "********************PC-Lab_on script END run at `date`" >> /var/log/cronlog

Place this in the cron job per example below
Code:
0 7 * * 1,2,3,4,5 /jffs/scripts/PC-Lab_on  # turns on WAN connection at 7AM Mon to Fri
30 20 * * 1,2,3,4,5 /jffs/scripts/PC-Lab_off  # turns off WAN connection at 8:30 PM Mon to Fri
0 9 * * 6 /jffs/scripts/PC-Lab_on  # turns on WAN connection at 9AM on Sat
1 16 * * 6 /jffs/scripts/PC-Lab_off  # turns off WAN connection at 4:01pm on Sat

I like the look of this, going to have a play later. So in cron jobs you would set the times for any devices, I notice you just have to use the device name for this, correct? And in the script you would use the devices I.P. address , and of course ensure its set to a static ip.


Sent from my iPhone using Tapatalk
 
I have this running on a DD-WRT router where I have a file that assigns host-name and static ip based on client MAC address. Access Restrictions on DD-WRT are broken so I had to research this. The host name is not required for the script to run though. Assign the static-ip in the DHCP Leases Tab and you should be all set. You can give the client host name in the Static Lease section. But the script only needs the client's IP address. The scripts above are called PC-Lab_off and PC-Lab_on. Name it something useful for you. Make sure it's executable:

chmod 755 filename

The ASUS Merlin wiki has instructions on how to issue the cru command to append a cronjob entry. Using the malware-filter example
Code:
cru a malware-filter "0 */12 * * * /jffs/scripts/malware-block"

Or, you can edit using vi or another editor. Location is /tmp/var/spool/cron/crontabs/admin

If you notice, I do some logging to a file when the script starts and ends, and include the iptables -L command to validate it worked. Those are optional. But useful at first to make sure it is doing what it should.
 
Thanks for all the replies. Resorting to cron jobs is less than ideal but I see the value. For now I'll just avoid using the app for this purpose.
 
Last edited:

Similar threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top