[SOLVED] Please help with firewall rules for errant daughters devices

[apcr.com]

People running that firmware (XVortex) usually get short shrift on this forum as it is not made, supported or endorsed by Merlin. That said, I think we have sympathy for your situation.

If you head over to the "official" XVortex thread you will see the solution to your problem. All further enquiries would be best asked there.

http://www.linksysinfo.org/index.ph...in-on-netgear-r7000.71108/page-48#post-292085

WOW! Thats awesome! Fixed! Thankyou!! Thread marked "solved".

 

[jernau]

When it's time for bed simply take her devices away until morning. Router control is in the parents hand. Make rules and stick to them.

Sorry appreciate this thread is closed but wanted to comment on this. When you have a child with mental health issues limits and boundaries can be extremely challenging and as a parent you really have to pick your battles. Having an automated feature in the router to handle limiting of internet access is extremely useful as it gives a consistent time that the device is disabled which really helps these children given their sometimes rigid behaviours. Its also one thing less for the parent to rememeber when they have so much else going on. Before you post with parenting advice remember that some parents may have a lot more issues to deal with than others.

Anyway @apcr.com glad it got sorted, I had an R7000 for a while runinng Asuswrt but have to say switching back to an Asus device makes life easier as you do get the full gamout of Trend Micro features (legally) which are very useful when you have children on the network

 

[Deleted member 22229]

Sorry appreciate this thread is closed but wanted to comment on this.

You do things your way i do things mine. When my kids were young the devices were taken at bedtime period. Never had a issue worked great. If someone else wants to use a router to preform parent functions the more power to ya. Not in my home. Have a good day..

 

[Xentrk]

Here are sample scripts I run on a DD-WRT router. It should work on most router firmwares. The scripts allow the clients to connect to the router. But it prevents them from connecting to the WAN or internet.

I create cron jobs as follows to run the on and off scripts:

0 7 * * 1,2,3,4,5 root /jffs/scripts/PC-Lab_Naomi_on #allow access at 7AM Mon to Fri
30 20 * * 1,2,3,4,5 root /jffs/scripts/PC-Lab_Naomi_off #turn off access at 8:30PM Mon to Fri
0 9 * * 6 root /jffs/scripts/PC-Lab_Naomi_on #allow access at 9AM on Saturday
1 16 * * 6 root /jffs/scripts/PC-Lab_Naomi_off #turn off access 4:01PM on Saturday
0 13 * * 6 root /jffs/scripts/children_on#allow access at 1PM on Saturday
0 16 * * 6 root /jffs/scripts/children_off #turn off access at 4PM on Saturday

I assign static IP to staff devices that start at 192.168.2.200. Children devices get a dynamic IP that starts at 192.168.2.100 to 192.168.2.199.

#!/bin/sh
echo "********************PC-Lab_Naomi_on script run START at `date`" >> /var/log/cronlog
# drop rule that blocked an incoming connection from PC Lab
iptables -D FORWARD -s 192.168.2.218 -j DROP
# drop rule that blocked an incoming connection from Naomi Laptop
iptables -D FORWARD -s 192.168.2.232 -j DROP
# drop rule that blocked an incoming connection from Grace Laptop
iptables -D FORWARD -s 192.168.2.216 -j DROP
iptables -L FORWARD >> /var/log/cronlog
echo "********************PC-Lab_Naomi_on script END run at `date`" >> /var/log/cronlog

#!/bin/sh
echo "********************PC-Lab_Naomi_off script run START at `date`" >> /var/log/cronlog
# Block an incoming connection from PC Lab
iptables -I FORWARD -s 192.168.2.218 -j DROP
# Block an incoming connection from Naomi Laptop
iptables -I FORWARD -s 192.168.2.232 -j DROP
# Block an incoming connection from Grace Laptop
iptables -I FORWARD -s 192.168.2.216 -j DROP
iptables -L FORWARD | grep DROP >> /var/log/cronlog
echo "********************PC-Lab_Naomi_off script END run at `date`" >> /var/log/cronlog

Spoiler: children off script

iptables -I FORWARD -s 192.168.2.100 -j DROP
iptables -I FORWARD -s 192.168.2.101 -j DROP
snip...
iptables -I FORWARD -s 192.168.2.199 -j DROP

Spoiler: children on script

iptables -D FORWARD -s 192.168.2.100 -j DROP
iptables -D FORWARD -s 192.168.2.101 -j DROP
snip...
iptables -D FORWARD -s 192.168.2.199 -j DROP
[/SPOLER]

 

[deddc23efb]

Here are sample scripts I run on a DD-WRT router. It should work on most router firmwares. The scripts allow the clients to connect to the router. But it prevents them from connecting to the WAN or internet.

I create cron jobs as follows to run the on and off scripts:

0 7 * * 1,2,3,4,5 root /jffs/scripts/PC-Lab_Naomi_on #allow access at 7AM Mon to Fri
30 20 * * 1,2,3,4,5 root /jffs/scripts/PC-Lab_Naomi_off #turn off access at 8:30PM Mon to Fri
0 9 * * 6 root /jffs/scripts/PC-Lab_Naomi_on #allow access at 9AM on Saturday
1 16 * * 6 root /jffs/scripts/PC-Lab_Naomi_off #turn off access 4:01PM on Saturday
0 13 * * 6 root /jffs/scripts/children_on#allow access at 1PM on Saturday
0 16 * * 6 root /jffs/scripts/children_off #turn off access at 4PM on Saturday

I assign static IP to staff devices that start at 192.168.2.200. Children devices get a dynamic IP that starts at 192.168.2.100 to 192.168.2.199.

#!/bin/sh
echo "********************PC-Lab_Naomi_on script run START at `date`" >> /var/log/cronlog
# drop rule that blocked an incoming connection from PC Lab
iptables -D FORWARD -s 192.168.2.218 -j DROP
# drop rule that blocked an incoming connection from Naomi Laptop
iptables -D FORWARD -s 192.168.2.232 -j DROP
# drop rule that blocked an incoming connection from Grace Laptop
iptables -D FORWARD -s 192.168.2.216 -j DROP
iptables -L FORWARD >> /var/log/cronlog
echo "********************PC-Lab_Naomi_on script END run at `date`" >> /var/log/cronlog

#!/bin/sh
echo "********************PC-Lab_Naomi_off script run START at `date`" >> /var/log/cronlog
# Block an incoming connection from PC Lab
iptables -I FORWARD -s 192.168.2.218 -j DROP
# Block an incoming connection from Naomi Laptop
iptables -I FORWARD -s 192.168.2.232 -j DROP
# Block an incoming connection from Grace Laptop
iptables -I FORWARD -s 192.168.2.216 -j DROP
iptables -L FORWARD | grep DROP >> /var/log/cronlog
echo "********************PC-Lab_Naomi_off script END run at `date`" >> /var/log/cronlog

Spoiler: children off script

iptables -I FORWARD -s 192.168.2.100 -j DROP
iptables -I FORWARD -s 192.168.2.101 -j DROP
snip...
iptables -I FORWARD -s 192.168.2.199 -j DROP

Spoiler: children on script

iptables -D FORWARD -s 192.168.2.100 -j DROP
iptables -D FORWARD -s 192.168.2.101 -j DROP
snip...
iptables -D FORWARD -s 192.168.2.199 -j DROP
[/SPOLER]

An older thread, but it checks out.

Just wanted to say thanks. I was searching for a solution to improve the granularity of the time scheduling. The default one hour blocks in the web UI are much too fat. Thanks for the scripts.

 

[Xentrk]

An older thread, but it checks out.

Just wanted to say thanks. I was searching for a solution to improve the granularity of the time scheduling. The default one hour blocks in the web UI are much too fat. Thanks for the scripts.

You are welcome. I now use the scripts on an Asus AC88U. The dd-wrt has now been repurposed as an AP.