Dismiss Notice

Welcome To SNBForums

SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.

If you'd like to post a question, simply register and have at it!

While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!

Parental Controls Question

Discussion in 'Asuswrt-Merlin' started by Albino_Mexican, Mar 19, 2017.

  1. Albino_Mexican

    Albino_Mexican New Around Here

    Joined:
    Jan 9, 2016
    Messages:
    5
    Location:
    Canada
    I have implemented time based Parental Controls for specific devices on my network which works really well. The problem is that if I use the Asus Router app to disable/re-enable internet access for one of those devices, the time schedule gets erased and I have to re-schedule that device's access. Is this normal? (confirmed on rt-n66u & rt-ac68u running 380.65_2 and earlier versions)
     
  2. wedwabbit

    wedwabbit Occasional Visitor

    Joined:
    Dec 28, 2016
    Messages:
    15
    Location:
    Australia
    Yep. Just checked and mine were erased as well. Won't be using the iPhone app for that again.


    Sent from my iPhone using Tapatalk Pro
     
  3. Stevemcclure

    Stevemcclure Regular Contributor

    Joined:
    Aug 22, 2015
    Messages:
    61
    This also happens to me but when doing it in the router through a browser. Quite annoying. Hopefully it would be possible to stop this happening in a future update, I suppose only @RMerlin can answer if it is possible to do this or not.
    Failing this I'm wondering if it possible to create a script for time scheduling, that would keep the settings after a block and unblock of internet?


    Sent from my iPhone using Tapatalk
     
  4. Xentrk

    Xentrk Very Senior Member

    Joined:
    Jul 21, 2016
    Messages:
    872
    Location:
    Chiang Mai, Thailand
    Yes you can! The first script drops WAN connections. The second one removes the rules you created with the first script and allow WAN connections. If you run the first script when the device already has a valid WAN connection, you will get an error that it can’t find matching rules.

    Code:
    #!/bin/sh
    echo "********************PC-Lab_off script run START at `date`" >> /var/log/cronlog
    # Block an incoming connection from PC Lab
    iptables -I FORWARD -s 192.168.2.218 -j DROP
    # Validate it worked!
    iptables -L FORWARD | grep DROP >> /tmp/cron.d/cronlog
    echo "********************PC-Lab_off script END run at `date`" >> /var/log/cronlog
    Code:
    #!/bin/sh
    echo "********************PC-Lab_on script run START at `date`" >> /var/log/cronlog
    # drop rule that blocked an incoming connection from PC Lab
    iptables -D FORWARD -s 192.168.2.218 -j DROP
    # Validate it worked!
    iptables -L FORWARD >> /tmp/cron.d/cronlog
    echo "********************PC-Lab_on script END run at `date`" >> /var/log/cronlog
    Place this in the cron job per example below
    Code:
    0 7 * * 1,2,3,4,5 /jffs/scripts/PC-Lab_on  # turns on WAN connection at 7AM Mon to Fri
    30 20 * * 1,2,3,4,5 /jffs/scripts/PC-Lab_off  # turns off WAN connection at 8:30 PM Mon to Fri
    0 9 * * 6 /jffs/scripts/PC-Lab_on  # turns on WAN connection at 9AM on Sat
    1 16 * * 6 /jffs/scripts/PC-Lab_off  # turns off WAN connection at 4:01pm on Sat
     
    Stevemcclure likes this.
  5. Stevemcclure

    Stevemcclure Regular Contributor

    Joined:
    Aug 22, 2015
    Messages:
    61
    I like the look of this, going to have a play later. So in cron jobs you would set the times for any devices, I notice you just have to use the device name for this, correct? And in the script you would use the devices I.P. address , and of course ensure its set to a static ip.


    Sent from my iPhone using Tapatalk
     
  6. Xentrk

    Xentrk Very Senior Member

    Joined:
    Jul 21, 2016
    Messages:
    872
    Location:
    Chiang Mai, Thailand
    I have this running on a DD-WRT router where I have a file that assigns host-name and static ip based on client MAC address. Access Restrictions on DD-WRT are broken so I had to research this. The host name is not required for the script to run though. Assign the static-ip in the DHCP Leases Tab and you should be all set. You can give the client host name in the Static Lease section. But the script only needs the client's IP address. The scripts above are called PC-Lab_off and PC-Lab_on. Name it something useful for you. Make sure it's executable:

    chmod 755 filename

    The ASUS Merlin wiki has instructions on how to issue the cru command to append a cronjob entry. Using the malware-filter example
    Code:
    cru a malware-filter "0 */12 * * * /jffs/scripts/malware-block"
    Or, you can edit using vi or another editor. Location is /tmp/var/spool/cron/crontabs/admin

    If you notice, I do some logging to a file when the script starts and ends, and include the iptables -L command to validate it worked. Those are optional. But useful at first to make sure it is doing what it should.
     
  7. Albino_Mexican

    Albino_Mexican New Around Here

    Joined:
    Jan 9, 2016
    Messages:
    5
    Location:
    Canada
    Thanks for all the replies. Resorting to cron jobs is less than ideal but I see the value. For now I'll just avoid using the app for this purpose.
     
  8. Xentrk

    Xentrk Very Senior Member

    Joined:
    Jul 21, 2016
    Messages:
    872
    Location:
    Chiang Mai, Thailand
    Last edited: Mar 21, 2017

Share This Page