What's new

firewall or parental controls

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

bkttk2

New Around Here
This has probably been asked and addressed but I am having no luck in finding the solution.

I am trying to block all wireless access for a few specific devices for a set time range.

Parental control doesn't appear to work. I am using a reboot script but IP addresses I am trying to block still have full internet access.

Since Parental control block does not appear to work I thought I would try firewall and blacklist the IP addresses for a set time, but this does not appear to be working either.

Is there a way to have the firewall blacklist IP addresses a specific time range? Basically I would like to block all wireless access for said devices.

I would prefer not to have to collect all devices at a set time and then return the next day.

Any help is geatly appreciated. I think I am on the right track but can not seem to figure out thd proper settings to make this happen.

Thanks in advance for any help provided.

See Post 18 for answer from ASUS.
http://forums.smallnetbuilder.com/showpost.php?p=136372&postcount=18
 
Last edited:
I would persist with trying to get Parental Control to work as that is what you want. The firewall filter is really designed to block specific network services (like ftp or bittorrent).
 
Might be helpful to state your router model and firmware version.

I've used parental controls successfully on an RT-N66 with various versions of Merlin's firmware.

One aspect of parental controls that never worked, at least when I was testing it about a year or so ago, is that it wouldn't drop an active connection at the time it was set to block. Subsequent connections, however, would be blocked as you would expect. I don't know if this has been addressed in newer firmwares (haven't tested since then and never noticed it listed as fixed in any of the change logs).
 
FWIW, running Merlin 376.44 on a RT-N66U, parental controls seem to work fine. I just blocked my iPad and then released it. The Pcontrols appear to work as expected as my iPad showed a strong signal but could not connect to the internet while the block was in place. Once I released the block, my internet access returned.

Edit: I did not test for blocking an active connection at a particular time as per F5ing above.
 
Parental Controls/Firewall Remedy

The best and easiest way to address the issue should start with the router itself. This is not to say they won't find a way to get around this, but at least you've done your best to try and protect them.
 
Last edited by a moderator:
Edit: I did not test for blocking an active connection at a particular time as per F5ing above.

The easy way I tested this was simply by launching a Youtube video that lasted longer than the allowable time before the block takes effect. Like starting a one hour video with only thirty minutes of allowable time left. The whole one hour video would play, but the connection was dead thereafter. Other than that sort of connection it would work as you would expect.
 
Thanks everyone.

I have RT-N66U and am using latest Merlin firmware.

I am currently using Parental Controls and it is the active connections that are causing me headache. I have a script that reboots the router about 5 minutes after the block time starts, but after reboot the devices appear to connect without error.

My kids will eventually figure a way around it I am mainly just trying to deter use after 7pm.

If anyone has additional suggestions they are much appreciated.
 
I'm assuming that you know that the default is no connection. When you highlight a range and hit apply, that turns on the connection for the time selected. Or that's the way it appears to me. ;)

Edit: Initially I assumed that it defaulted on and the selected range turns it off. I had it bassackwards.
 
Last edited:
When you highlight a range and hit apply, that turns on the connection for the time selected. Or that's the way it appears to me. ;)
Yes that is correct. This is what it adds at the beginning of the FORWARD chain when I only allow connections between 4am and 10am.
Code:
-A FORWARD -i br0 -m time --timestart 04:00 --timestop 10:00 --days Sun  -m mac --mac-source 14:49:E0:01:60:C3 -j PControls
-A FORWARD -i br0 -m time --timestart 04:00 --timestop 10:00 --days Mon  -m mac --mac-source 14:49:E0:01:60:C3 -j PControls
-A FORWARD -i br0 -m time --timestart 04:00 --timestop 10:00 --days Tue  -m mac --mac-source 14:49:E0:01:60:C3 -j PControls
-A FORWARD -i br0 -m time --timestart 04:00 --timestop 10:00 --days Wed  -m mac --mac-source 14:49:E0:01:60:C3 -j PControls
-A FORWARD -i br0 -m time --timestart 04:00 --timestop 10:00 --days Thu  -m mac --mac-source 14:49:E0:01:60:C3 -j PControls
-A FORWARD -i br0 -m time --timestart 04:00 --timestop 10:00 --days Fri  -m mac --mac-source 14:49:E0:01:60:C3 -j PControls
-A FORWARD -i br0 -m time --timestart 04:00 --timestop 10:00 --days Sat  -m mac --mac-source 14:49:E0:01:60:C3 -j PControls
-A FORWARD -i br0 -m mac --mac-source 14:49:E0:01:60:C3 -j DROP
Followed later by:
Code:
-A PControls -m state --state INVALID -j DROP
-A PControls -j ACCEPT
 
Thanks everyone for the help and suggestions.

Looks like I am doing things correctly so I will keep at it.

As previously stated my kids will probably find a quick way around the block, but hey I would like to see it work at least once. ;)

I double checked my parental control settings.

I have their devices set with static IP

I am rebooting router 5 minutes after the block starts. Block runs from 7pm to 7am with router reboot at 7:05pm.

I am blocking via mac address.

So I think I am doing everything correctly. I do have an additional question, which may be my issue.

I use Comcast and currently I have the router configured for ipv4 and ipv6. Does anyone know if parental settings function for both ipv4 and ipv6?

Edit: Think ipv6 is the issue. I found this older thread: http://forums.smallnetbuilder.com/showthread.php?t=10164
 
Last edited:
I wonder if the video buffered enough to appear to bypass the block?

No, it wasn't buffered. I didn't give it a chance. I just used those timeframes to try to clarify.

The way I really ran those tests was by starting a never played video, that was actually a couple hours long, just a couple/three minutes before the block was set to activate.

The whole video would play. And the network tabs in Task Manager and Resource Monitor confirmed the continued download.

But like I mentioned, no subsequent connection attempts were allowed.
 
No, it wasn't buffered. I didn't give it a chance. I just used those timeframes to try to clarify.

The way I really ran those tests was by starting a never played video, that was actually a couple hours long, just a couple/three minutes before the block was set to activate.

The whole video would play. And the network tabs in Task Manager and Resource Monitor confirmed the continued download.

But like I mentioned, no subsequent connection attempts were allowed.

F5ing - do you have ipv6 enabled?
 
My kids will eventually figure a way around it I am mainly just trying to deter use after 7pm.

I was just using PControls as a "time reminder" for a grandkid. She knew that when it was time to get off, she would get off and not bother with it any longer.

And actually, as she's gotten a few new devices, I've never added those devices to PControls. She's pretty good about bedtime and the like so I didn't even bother.

I'm pretty sure a determined kid would eventually discover that these existing connections would allow them to easily violate the block.

By the way, this was on IPv4 only.
 
I was just using PControls as a "time reminder" for a grandkid. She knew that when it was time to get off, she would get off and not bother with it any longer.

And actually, as she's gotten a few new devices, I've never added those devices to PControls. She's pretty good about bedtime and the like so I didn't even bother.

I'm pretty sure a determined kid would eventually discover that these existing connections would allow them to easily violate the block.

By the way, this was on IPv4 only.

Try disabling HW acceleration (LAN -> Switch Control).

I've seen a few reports of existing connections not getting dropped, but I never could figure out how that could even happen since the firewall rules are specifically designed NOT to allow this to happen. So the only explanation I could see would be HW acceleration causing those connections to completely bypass the firewall rules responsible for blocking them.
 
Try disabling HW acceleration (LAN -> Switch Control).

I've seen a few reports of existing connections not getting dropped, but I never could figure out how that could even happen since the firewall rules are specifically designed NOT to allow this to happen. So the only explanation I could see would be HW acceleration causing those connections to completely bypass the firewall rules responsible for blocking them.

Thanks. I will reenable ipv6 and disable the HW acceleration and then test to see if the firewall is still bypassed. I will update once I have timed to test the setup.

Edit: Disabled NAT acceleration and it appears that parental controls work with ipv6 enabled. That said if this does fix the issue, what is lost by not using NAT acceleration?

Edit 2: Nope that did not work. Seems with ipv6 enabled the parental controls do not work properly. Some items are blocked but not all. I will keep working on it. Update if I figure anything out.
 
Last edited:
Ended up contacting ASUS. They informed me that parental controls do not work for ipv6.

Does not solve the issue but at least lets me know why everything I was trying wasn't working.
 

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top