Properly configured with a proper build, access restrictions will shut down users.
Try 12:01 - 7:00
Try selecting each day, rather than "everyday". _________________ SIG:
I'm trying to teach you to fish, not give you a fish. If you just want a fish, wait for a fisherman who hands them out. I'm more of a fishing instructor.
LOM: "If you show that you have not bothered to read the forum announcements or to follow the advices in them then the level of help available for you will drop substantially, also known as Murrkf's law.."
Posted: Thu Dec 08, 2011 4:49 Post subject: Access Restrictions not working
I'm having the same issue
I have 2 routers in AP mode, WRT54GS V4 as the gateway and WRT54GL V1.1 as the router.
Both are using Firmware Version DD-WRT v24-sp2 (08/12/10) std - build 14929 and neither access restriction policies work when setup as the main router.
The funny thing is I had wrt.v24_vpn_generic.bin build 13064 installed in both routers for 2 years without any issues, until I had a couple of crashes due to I think, too many port forwards, so I went for the standard version for a little more ram space and decided to go for the recommended brainslayer 14929 build, which doesn't seem to be working for me.
Same thing here, v24 sp2 on a WRT54G v2. I've denied the IP and MAC I'm posting from, tested all days instead of everyday, etc. Nothing. Packets go through just fine. I'm hoping to use it to block everything but L2TP for when using a VPN so as to not leak if the connection drops, yet otherwise leave all other devices untouched and running directly.
Joined: 09 Aug 2012 Posts: 1 Location: Laval, QC, Canada
Posted: Thu Aug 09, 2012 22:11 Post subject:
I have exactly the same problem here.
However, in my case, I found out that the issue is caused by having an Openvpn client enabled on the router. Disabling the openvpn client solves the problem.
I have tried to work around the problem by leaving the VPN on during the day, and setting cron jobs to disable the vpn at midnight, and restart it in the morning. My access restrictions are just to deny internet access after midnight after all.
The weird thing is that if the vpn is enabled but not running, the access restrictions still does not work! For example, the vpn client is enabled. I do a "killall openvpn", which shut downs the vpn. Access restrictions does not work. The client needs to be Disabled for access restrictions to work.
Posted: Wed Mar 06, 2013 6:43 Post subject: Post subject: Access Restrictions not working
Has anyone come up with a solution to this other than buying another router? Have flashed firmware multiple times and tried all other suggestions with no success.
Posted: Thu Nov 14, 2013 18:00 Post subject: Access restrictions
Hi, I know this thread is a bit old but came across it while having problems with access restrictions.
I found the default time server wasnt working and so the time (top right) was wrong. Typed in another and then it worked ok.
Also I had started with filtering mac addresses and went onto fixed IP addresses and filtering them instead (easier to identify) I forgot to delete the mac addresses from the filtering list, which caused some problems.
Also try not starting more than one rule at the same time.
v24 sp2 TL-WR1043ND
Posted: Sat Jan 11, 2014 0:50 Post subject: Either MAC or IP
Ok, so I'm not the only one flummoxed by this.
On my router, it seems that MAC addresses only work for access restrictions if the IP address of the computer is dynamically assigned.
Once I assigned static IP numbers to our computers, the access restrictions stopped working. I deleted the MAC address entries and assigned clients based on IP address, and the restrictions worked again.
Can't guarantee this'll be the issue for everyone, but it was for me.
Joined: 07 Mar 2013 Posts: 10 Location: Springfield, VA
Posted: Sat Jan 11, 2014 4:37 Post subject:
I switched to a Kong build, and access restrictions have worked ever since. It sounds like no one is ever going to fix them in the other builds. _________________ Router: Linksys E2500
Firmware: DD-WRT v24-sp2 (06/08/12) big - build 19342
I'm currently using the most recent Brainslayer build, not the one that comes up from the database.
From what I can tell, my router isn't yet included in the list of models that Kong's build supports.
I might have a fix for you -
I have a Linksys E2000 and have been on 14929 for years, but just upgraded to the latest Brainslayer (23919 vpn) to get 4 years of random security and other fixes.
After the update, Access Restrictions (one total Deny, based on MAC) didn't work, and it did on the old build.
I read through tickets that might be related and found this one:
deciphering the tangle of ideas and mutual frustration in that thread, I got the impression that a couple years ago, a firewall module changed to a different one, and the new one sits differently in the stack of filters, so when it's on, the Access Restrictions get skipped entirely.
With this in mind, I looked around the web gui and tinkered with some settings. I found that in Security - Firewall, if I Disable the top line of Stateful SPI Firewall, then suddenly Access Restrictions takes effect again.
On the surface this seems like a bad tradeoff, but I think I'm ok with it - this isn't the setting for the overall firewall, just the Stateful Packet Inspection system that I don't expect to do much in a home router anyway.
I hope this helps others!
ETA - Also confusing things is an apparent bug in time zone offsets, if you tell the web gui that you're not in UTC. To make my time-based Deny work, I set my timezone to UTC, set the access rules in terms of UTC time, and unfortunately then had to split it into two rules spanning midnight, one for M-F and the second Tu-Sa. But at least it works now.
I don't get dadwug's method, and the above method doesn't work either.
Yeah, my method above turns out to only sporadically work, unfortunately. I ended up giving up on it but also no longer need the feature active so I stopped looking for other workarounds.
