Looking for a new router with good access control

[ttran55]

Hi,
I am looking for a new router that allows me to do these:
1. Block internet access by schedule per device bases on Mac address.
2. allows the controlled mac addresses above to access some domains.
3. all other devices are not affected by the rules above.

I want my son to access school website to do homework but nothing else.
Currently I am using Asus RT-N56u flashed with Padavan fw so I can have guest network and block the internet accesss by schedules but there is no option for those devices to access some domains.
I found the TP link routers have these features but then it only allows 4 parental PCs that are not limited by the rules which is way below the number devices i have at home.
Do you have any sugesstion?
thanks
Thang

 

[System Error Message]

Being too restrictive isnt helpful, homework now requires research and that means google, wikipedia and so on. Its a bad idea to restrict your kids so much with internet.
One effective means though not easy is to use squid proxy with squidguard and clamav. Squidguard filter examples have lists that you can filter so you can allow/block certain ones and the filter list is divided neatly into catogaries such and even have catogaries such as religion for example. I am using a ubiquiti edgerouter to run these things so you dont need a standard x86 linux server for it. If you want to do the same the only edgerouters that can run software reliably are the ER-X and edgerouter 8/pro and you can also use them as routers too. You would redirect all your web traffic through squid and use squid to configure what addresses to restrict and what addresses to not restrict.

For example facebook is essentially used a lot and would be bad to deny access but facebook games and apps are what you should block. I remember telling a few admins of a company looking to block facebook with mikrotik that it is better to block the apps and games rather than facebook itself. Even with twitter a lot of companies and media/news use twitter to post updates.

url filters are actually layer 7 so you cant really block them easily and whats to stop your son using a vpn or proxy just to bypass all your filters.

Doing it correctly is difficult and requires a lot of technical skill especially that ubiquiti edgrouters require a lot of terminal use.

I know that both asus and mikrotik have scheduling for their rules. my configuration uses mikrotik as the router, ubiquiti as some mini MIPS linux server and asus as the AP.