I am writing this to offer my experience, so that it may help others. I had a surprisingly hard time to find information and examples of "real" parental control functionality with ASUS routers. I searched the net, and specifically this forum.
I have an RT-AC66U, running the .57 Merlin build. I don't know much about the details of networking "under the hood", and I would have been willing to learn about scripting, but preferred to accomplish what I wanted through the GUI.
For the kids computers, I wanted to be able to block gaming (specifically Steam) at certain times, and block all internet access at other times. I would also like to include URL filtering.
For ASUS, "parental controls" means all or nothing. You can block all internet with a schedule tied to a device MAC. You can have different schedules for different devices.
Steam can be blocked by filtering ports. For ASUS, this is setup in the Firewall - Network Services Filter area, which is separate from Parental Controls. For NSF, you can only select one schedule which will govern all rules, which are tied to device IP addresses. I didn't even understand the nomenclature of the settings, like what exactly was the source and what is the destination. URL filtering does not have any schedule capability, and is either just on or off.
So, the best I could come up with is using a combination of Parental Controls and NSF. There have been many posts saying that these two functions conflict with each other. However, there was a more recent suggestion that they could work, if the same device was handled in both functions. This appears to work for me.
Here is my setup:
1. First you need to set a static IP for the device(s) you want to control. I did this simply with the "manual" declaration in DHCP setup.
2. Next setup your parental controls. You select which device via its MAC, and then create a schedule of "allowed time" for the device. You are setting when internet is allowed, or otherwise completely blocked.
3. Next you setup Firewall Network Services Filter to block Steam. Only certain ports are needed by Steam (and they tell you which ones). I took the approach to block all ports above 1024. For this, you put the device IP in the "Source IP" column, and put the port range (1025:65535) in the Destination "Port Range" column. The other two columns (Source Port, Destination IP) blank. You make two entries, one for TCP type, and one for UDP type.
4. Then you can set up the NSF schedule and enable. Obviously, it only makes sense to use a schedule for times where parental controls hasn't already fully blocked internet. Unfortunately, there can be only one schedule for NSF.
That all worked for me. I have 2 devices defined in parental controls, and I have one device being limited in NSF. I confirmed that during the NSF time, Steam would not load but normal internet access was available. Then, during off time, no internet was available.
The actual experience is that during NSF blocking, Steam would time out with some connection error message. It would not be obvious to the user as to why that was happening. For the off time (from parental control), if you try to browse to a website, you actually get a redirected page that tells you internet access has been blocked.
I have an RT-AC66U, running the .57 Merlin build. I don't know much about the details of networking "under the hood", and I would have been willing to learn about scripting, but preferred to accomplish what I wanted through the GUI.
For the kids computers, I wanted to be able to block gaming (specifically Steam) at certain times, and block all internet access at other times. I would also like to include URL filtering.
For ASUS, "parental controls" means all or nothing. You can block all internet with a schedule tied to a device MAC. You can have different schedules for different devices.
Steam can be blocked by filtering ports. For ASUS, this is setup in the Firewall - Network Services Filter area, which is separate from Parental Controls. For NSF, you can only select one schedule which will govern all rules, which are tied to device IP addresses. I didn't even understand the nomenclature of the settings, like what exactly was the source and what is the destination. URL filtering does not have any schedule capability, and is either just on or off.
So, the best I could come up with is using a combination of Parental Controls and NSF. There have been many posts saying that these two functions conflict with each other. However, there was a more recent suggestion that they could work, if the same device was handled in both functions. This appears to work for me.
Here is my setup:
1. First you need to set a static IP for the device(s) you want to control. I did this simply with the "manual" declaration in DHCP setup.
2. Next setup your parental controls. You select which device via its MAC, and then create a schedule of "allowed time" for the device. You are setting when internet is allowed, or otherwise completely blocked.
3. Next you setup Firewall Network Services Filter to block Steam. Only certain ports are needed by Steam (and they tell you which ones). I took the approach to block all ports above 1024. For this, you put the device IP in the "Source IP" column, and put the port range (1025:65535) in the Destination "Port Range" column. The other two columns (Source Port, Destination IP) blank. You make two entries, one for TCP type, and one for UDP type.
4. Then you can set up the NSF schedule and enable. Obviously, it only makes sense to use a schedule for times where parental controls hasn't already fully blocked internet. Unfortunately, there can be only one schedule for NSF.
That all worked for me. I have 2 devices defined in parental controls, and I have one device being limited in NSF. I confirmed that during the NSF time, Steam would not load but normal internet access was available. Then, during off time, no internet was available.
The actual experience is that during NSF blocking, Steam would time out with some connection error message. It would not be obvious to the user as to why that was happening. For the off time (from parental control), if you try to browse to a website, you actually get a redirected page that tells you internet access has been blocked.