bschuhma DD-WRT Novice
Joined: 06 Apr 2017 Posts: 21
|
Posted: Fri Oct 20, 2017 1:24 Post subject: Suggestions for parental control? |
|
Hi all,
I'm upgrading from a dead Atheros based Archer TP-Link and I had the *perfect* setup for my needs. Let me explain...
Apparently my wife and I are the WORST PARENTS EVER, or so we're told. We limit our kids to 1-2 hours of screen time a day, depending on the day of the week. We don't allow their phones, tablets, or laptops into their rooms. Because of this, the kids have taken to "borrowing" their friends' old devices and connecting to the wifi and extending their screen time.
With my old Archer setup I had a "homework" virtual interface split off from the main network that only allowed a few MAC addresses onto it via MAC filtering on the interface. I also had a Guest virtual interface for their friends who visit - it was not MAC filtered. I have a script that resets the passwords on the Homework and Guest network every morning (different random password for each network) at 5am and emails me the new passwords. If my kids borrowed a new device from a friend it wouldn't really help them - the password changed every day, plus I would add their friends to the Guest network myself.
Unfortunately, the latest (current as 10/10/17) dd-wrt release I've installed on my new Netgear R8000 doesn't support MAC filters on virtual interfaces. I can create a virtual interface on wl1 (i.e. wl1.1) for Homework, but apparently all of wl1 shares the same MAC filter, unlike the Atheros TP-Link that had a MAC filter *per interface (virtual or actual)*.
I know MAC filtering isn't infallible and maybe I only *thought* I was fairly secure before, but it was working as I needed it. My kids just want to get to youtube videos, not spoof MAC addresses for the NSA. It kept rogue devices off my network and kept the kids from getting onto the network without asking for the password.
Given these two goals and the fact that the Broadcom chipset (I assume the MAC filtering thing is hardware limitation) doesn't allow MAC filtering per virtual interface, is there another solution? Should I just use iptables inside dd-wrt to add all the MAC filters I need? Do I need to use RADIUS authentication and change the kids' passwords there every 24 hours? A RADIUS server seems *really* heavy handed to achieve what I need, but I'd consider it if it's the only way to do what I need. Am I in the "hotspot" zone with my requirements? Should I be considering a hotspot solution of some sort? I wouldn't mind the ability to boot them off the network automatically after X amount of time...
Thanks for your thoughts and ideas!! I'd be very interested in hearing YOUR parental control solutions!
Regards,
Bret |
|
mwchang DD-WRT Guru
Joined: 26 Mar 2013 Posts: 1858 Location: Hung Hom, Hong Kong
|
Posted: Sun Oct 22, 2017 4:36 Post subject: Re: Suggestions for parental control? |
|
bschuhma wrote: | Hi all,
I'm upgrading from a dead Atheros based Archer TP-Link and I had the *perfect* setup for my needs. Let me explain...
Apparently my wife and I are the WORST PARENTS EVER, or so we're told. We limit our kids to 1-2 hours of screen time a day, depending on the day of the week. We don't allow their phones, tablets, or laptops into their rooms. Because of this, the kids have taken to "borrowing" their friends' old devices and connecting to the wifi and extending their screen time.
... more ....
|
Firstly, read these:
https://www.dd-wrt.com/wiki/index.php/Parental_control
https://www.google.com.hk/search?q=dd-wrt+parental+control
Also, check out Squid proxy server, which controls regular web browsing.
https://www.google.com.hk/search?q=squid+proxy+parental _________________ Router: Asus RT-N18U (rev. A1)
Drink, Blink, Stretch! Live long and prosper! May the Force and farces be with you!
Facebook: https://www.facebook.com/changmanwai
Website: https://sites.google.com/site/changmw
SETI@Home profile: http://setiathome.berkeley.edu/view_profile.php?userid=211832
GitHub: https://github.com/changmw/changmw |
|