Posted: Thu Oct 22, 2020 2:33 Post subject: WAN Access Restriction not working?
Greetings,
I currently have r44048 installed on my 1900acv2. I have set up WAN Access Restriction based on the client MAC address of an iPhone without a SIM (uses wifi only). Basically I have it set up to stop internet traffic at a certain time of the night and then re-enable itself in the morning.
I've noticed that sometimes, txt messaging still works while other WAN access things do not.
This has been an issue for me for a while. I don't flash my router all that often and I flashed it in August after using a January build, hoping that an update would solve this. It has not.
What I don't fully understand is sometimes the txting is blocked while other times it isn't. Could it be that if there is active txting going on while it spills over into the disabled mode, the active connection stays open?
The problem w/ AR (Access Restrictions) is that it's an old implementation that hasn't kept up w/ the changes around it. For example, the L7-based keyword/url blocking assumes the use of *un*encrypted protocols (e.g., https), but almost all traffic these days is encrypted, making this type of blocking ineffective. We also have a long-standing issue of AR not blocking *existing* connections, due to the fact the AR chain (lan2wan) in the FORWARD chain of the filter table of the firewall is only checked for NEW connections (something that should have been addressed long ago). And most recently, we now have the problem of some OSes randomizing MAC addresses for privacy reasons!
As far as the lan2wan problem, you can fix that one by adding the following to the firewall script.
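An added illustration, not the poster's firewall-script lines and not DD-WRT's code: a small Python model of why a chain that is consulted only for NEW connections lets an already-open session keep working after the restriction window starts. The rule order, the 22:00-06:00 schedule, the MAC address and every name except `lan2wan` are assumptions made for the example.

```python
# Constructed model of netfilter FORWARD traversal. Rule order and all names
# other than "lan2wan" are assumptions, not DD-WRT's actual ruleset.
from dataclasses import dataclass

BLOCKED_MAC = "aa:bb:cc:dd:ee:ff"        # constructed sample MAC
BLOCK_FROM, BLOCK_TO = 22 * 60, 6 * 60   # assumed schedule: 22:00-06:00

@dataclass
class Packet:
    mac: str
    minute: int     # minutes since midnight
    ctstate: str    # conntrack state: "NEW" or "ESTABLISHED"

def in_window(minute):
    # The window wraps around midnight.
    return minute >= BLOCK_FROM or minute < BLOCK_TO

def lan2wan(pkt):
    """Access Restriction chain: DROP the restricted MAC inside the window."""
    if pkt.mac == BLOCKED_MAC and in_window(pkt.minute):
        return "DROP"
    return None     # no match, fall through to the next rule

def accept_established(pkt):
    return "ACCEPT" if pkt.ctstate == "ESTABLISHED" else None

def forward(pkt, chain):
    """First rule that returns a verdict wins; default policy is ACCEPT."""
    for rule in chain:
        verdict = rule(pkt)
        if verdict:
            return verdict
    return "ACCEPT"

# Established traffic is accepted first, so lan2wan only ever sees NEW.
NEW_ONLY = [accept_established, lan2wan]
# lan2wan is consulted for every forwarded packet, whatever its state.
ALL_PACKETS = [lan2wan, accept_established]

def demo():
    at = 22 * 60 + 5                                # 22:05, inside the window
    chat = Packet(BLOCKED_MAC, at, "ESTABLISHED")   # session opened at 21:55
    web = Packet(BLOCKED_MAC, at, "NEW")            # fresh connection attempt
    return {
        "new_only": (forward(chat, NEW_ONLY), forward(web, NEW_ONLY)),
        "all_packets": (forward(chat, ALL_PACKETS), forward(web, ALL_PACKETS)),
    }

if __name__ == "__main__":
    print(demo())
```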