What's new

Parental Controls and Firewall setup

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Zupper

New Around Here
I am writing this to offer my experience, so that it may help others. I had a surprisingly hard time to find information and examples of "real" parental control functionality with ASUS routers. I searched the net, and specifically this forum.

I have an RT-AC66U, running the .57 Merlin build. I don't know much about the details of networking "under the hood", and I would have been willing to learn about scripting, but preferred to accomplish what I wanted through the GUI.

For the kids computers, I wanted to be able to block gaming (specifically Steam) at certain times, and block all internet access at other times. I would also like to include URL filtering.

For ASUS, "parental controls" means all or nothing. You can block all internet with a schedule tied to a device MAC. You can have different schedules for different devices.

Steam can be blocked by filtering ports. For ASUS, this is setup in the Firewall - Network Services Filter area, which is separate from Parental Controls. For NSF, you can only select one schedule which will govern all rules, which are tied to device IP addresses. I didn't even understand the nomenclature of the settings, like what exactly was the source and what is the destination. URL filtering does not have any schedule capability, and is either just on or off.

So, the best I could come up with is using a combination of Parental Controls and NSF. There have been many posts saying that these two functions conflict with each other. However, there was a more recent suggestion that they could work, if the same device was handled in both functions. This appears to work for me.

Here is my setup:
1. First you need to set a static IP for the device(s) you want to control. I did this simply with the "manual" declaration in DHCP setup.

2. Next setup your parental controls. You select which device via its MAC, and then create a schedule of "allowed time" for the device. You are setting when internet is allowed, or otherwise completely blocked.

3. Next you setup Firewall Network Services Filter to block Steam. Only certain ports are needed by Steam (and they tell you which ones). I took the approach to block all ports above 1024. For this, you put the device IP in the "Source IP" column, and put the port range (1025:65535) in the Destination "Port Range" column. The other two columns (Source Port, Destination IP) blank. You make two entries, one for TCP type, and one for UDP type.

4. Then you can set up the NSF schedule and enable. Obviously, it only makes sense to use a schedule for times where parental controls hasn't already fully blocked internet. Unfortunately, there can be only one schedule for NSF.

That all worked for me. I have 2 devices defined in parental controls, and I have one device being limited in NSF. I confirmed that during the NSF time, Steam would not load but normal internet access was available. Then, during off time, no internet was available.

The actual experience is that during NSF blocking, Steam would time out with some connection error message. It would not be obvious to the user as to why that was happening. For the off time (from parental control), if you try to browse to a website, you actually get a redirected page that tells you internet access has been blocked.
 
Thanks for sharing, I do the time scheduling blocking before and may need to resort to blocking steam, origin, youtube ports or URLs as well.
One of my kids is spoofing his mac address, which bypasses the time scheduling so the only way I can cut him off is to physically unplug the ethernet cable from the lan port#2.

If there was a software way to do the same thing, block internet traffic for say lan port 2 that would work.
I don't care if its a manual process to turn on/off this configuration.
Does anyone know how to block a lan port instead of a mac address?


I am writing this to offer my experience, so that it may help others. I had a surprisingly hard time to find information and examples of "real" parental control functionality with ASUS routers. I searched the net, and specifically this forum.

I have an RT-AC66U, running the .57 Merlin build. I don't know much about the details of networking "under the hood", and I would have been willing to learn about scripting, but preferred to accomplish what I wanted through the GUI.

For the kids computers, I wanted to be able to block gaming (specifically Steam) at certain times, and block all internet access at other times. I would also like to include URL filtering.

For ASUS, "parental controls" means all or nothing. You can block all internet with a schedule tied to a device MAC. You can have different schedules for different devices.

Steam can be blocked by filtering ports. For ASUS, this is setup in the Firewall - Network Services Filter area, which is separate from Parental Controls. For NSF, you can only select one schedule which will govern all rules, which are tied to device IP addresses. I didn't even understand the nomenclature of the settings, like what exactly was the source and what is the destination. URL filtering does not have any schedule capability, and is either just on or off.

So, the best I could come up with is using a combination of Parental Controls and NSF. There have been many posts saying that these two functions conflict with each other. However, there was a more recent suggestion that they could work, if the same device was handled in both functions. This appears to work for me.

Here is my setup:
1. First you need to set a static IP for the device(s) you want to control. I did this simply with the "manual" declaration in DHCP setup.

2. Next setup your parental controls. You select which device via its MAC, and then create a schedule of "allowed time" for the device. You are setting when internet is allowed, or otherwise completely blocked.

3. Next you setup Firewall Network Services Filter to block Steam. Only certain ports are needed by Steam (and they tell you which ones). I took the approach to block all ports above 1024. For this, you put the device IP in the "Source IP" column, and put the port range (1025:65535) in the Destination "Port Range" column. The other two columns (Source Port, Destination IP) blank. You make two entries, one for TCP type, and one for UDP type.

4. Then you can set up the NSF schedule and enable. Obviously, it only makes sense to use a schedule for times where parental controls hasn't already fully blocked internet. Unfortunately, there can be only one schedule for NSF.

That all worked for me. I have 2 devices defined in parental controls, and I have one device being limited in NSF. I confirmed that during the NSF time, Steam would not load but normal internet access was available. Then, during off time, no internet was available.

The actual experience is that during NSF blocking, Steam would time out with some connection error message. It would not be obvious to the user as to why that was happening. For the off time (from parental control), if you try to browse to a website, you actually get a redirected page that tells you internet access has been blocked.
 

Similar threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top