[skippyV]

Have DD-WRT (Nov 26,2025) installed on Netgear R6700(V2) NightHawk router.
Have a local wired LAN setup such that each computer on the LAN has a Static Lease with no expiration. Some of those computers I've designated IPs within a "range".

In Access Restriction, the WAN Access Policy is enabled with Deny selected. My List of Clients that I want targeted for this restriction, only has the IP range set for IP Range 01.

The Time Period is configure as: 0:00 To 7:00

However, the computers still had access after midnight. Does the WAN access affect LAN connected computers?

[bushant]

Try 00:01 to 7:00

[Alozaros]

not sure if WAN Access restriction is working...

try this if your router supports it...

iptables -I FORWARD -s 192.168.1.101 -m time --timestart 0:01 --timestop 7:00 --weekdays Mon,Tue,Wed,Thu,Fri,Sat,Sun --kerneltz -j REJECT


192.168.1.101 --- must be your client IP

[skippyV]

[skippyV]

[Alozaros]

hmm your range its not a correct to convert it, IP Range To CIDR, try to express it as a CIDR notation
but it would look like
10.0.0.30/31
10.0.0.32/27
10.0.0.64/26
10.0.0.128/25

iptables -I FORWARD -s 10.0.0.30/31 -m time --timestart 0:01 --timestop 7:00 --weekdays Mon,Tue,Wed,Thu,Fri,Sat,Sun --kerneltz -j REJECT

so, one rule for each line to work as intended...kind of..

Also to note, newer builds than 62606 moved to nft-tables and currently there is a glitch with iptables to nft-tables translation...so you may need to use 62606 build and than once the transition to nft-tables settles down, convert all your rules to nft-tables...

At the moment on the newer builds, both rules sets are working at the same time.....and some complex rules are not translated...correctly...to nft-tables...kind of...

[skippyV]

@Alozaros, thanks for all your help. Unfortunately, I'm still not there yet.

I put the 62606 build on it. Then used Administration->Commands to execute each of these commands individually. One at a time.

iptables -I FORWARD -s 10.0.0.30/31 -m time --timestart 0:01 --timestop 7:00 --weekdays Mon,Tue,Wed,Thu,Fri,Sat,Sun --kerneltz -j REJECT
iptables -I FORWARD -s 10.0.0.32/27 -m time --timestart 0:01 --timestop 7:00 --weekdays Mon,Tue,Wed,Thu,Fri,Sat,Sun --kerneltz -j REJECT
iptables -I FORWARD -s 10.0.0.64/26 -m time --timestart 0:01 --timestop 7:00 --weekdays Mon,Tue,Wed,Thu,Fri,Sat,Sun --kerneltz -j REJECT
iptables -I FORWARD -s 10.0.0.128/25 -m time --timestart 0:01 --timestop 7:00 --weekdays Mon,Tue,Wed,Thu,Fri,Sat,Sun --kerneltz -j REJECT

However, the result was similar to before. The machine at 10.0.0.30 had packets rejected starting at 7pm. Instead of the desired time of 00:01 to 07:00.

Meanwhile, none of the other computers were affected even though they also belonged to the ranges above.

Also note the DD-WRT Gui displays the correct time.

Any more suggestions?

[kernel-panic69]

The kernel time zone may be UTC, regardless of all the things done to make the syslog pretty for folks who don't understand the standard.

[skippyV]

[skippyV]

Still trying to get these IPTABLES rules to work... so decided to start over with just ONE rule in this attempt. Which targets only 2 computers with this particular CIDR.

All these commands are done via SSH/Putty.

Changed the time for a 30 minute window and waited. But the targeted Computer still had access - no change.
This command was entered after power cycling the router and ensuring only the default rules were in place.

Attached screenshot