Posted: Thu Nov 15, 2018 18:36 Post subject: Parental control time limit for kids
I am a newbie with DD-WRT. I have searched the forum for answers to my question but could not find an answer. Anyways, what I'm looking for is a way to control my kids access to the Internet by username/password combination and then give them limited time daily (say two hours per day). Can that be done?
I have the same question as alhashemi. bushant links to a discussion of how to limit access to certain times of the day, but I don't see mention of how to configure a usage time limit. For example, I'm flexible on when my child uses his tablet, but I only want him to use it for a total of 2 hours. https://wiki.dd-wrt.com/wiki/index.php/Parental_control shows how to block access during certain times of day, but doesn't describe how to limit usage within the allowed hours. I've found certain router software allowing this (e.g. Archer A6 https://www.tp-link.com/us/user-guides/Archer-A6_V2/chapter-7-parental-controls#ug-sub-title-1) and Nest Wifi, but support seems spotty.
Joined: 16 Nov 2015 Posts: 6446 Location: UK, London, just across the river..
Posted: Mon May 18, 2020 20:36 Post subject:
the way how i manage it...
Gargoyle-routers OS has limit quotas, by day, week, month or so...and its very useful...the only thing you need is UPS for the router...just bear in mind Gargoyle Os it not that safe and robust like DDWRT is...so run Gargoyle routers behind your main DDWRT router on diff subnet/NAT/DHCP/DNS only for internal stuff...like session management...
of course there are other ways to do it via entware package, but it requires more CLI stuff.... _________________ Atheros
TP-Link WR740Nv1 ---DD-WRT 55630 WAP
TP-Link WR1043NDv2 -DD-WRT 55723 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55779 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55819 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55779 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
the way how i manage it...
Gargoyle-routers OS has limit quotas, by day, week, month or so...and its very useful...the only thing you need is UPS for the router...just bear in mind Gargoyle Os it not that safe and robust like DDWRT is...so run Gargoyle routers behind your main DDWRT router on diff subnet/NAT/DHCP/DNS only for internal stuff...like session management...
of course there are other ways to do it via entware package, but it requires more CLI stuff....
I'm a father of two kids, aged ten and fourteen. One of the more controversial things I do is limit the amount of time they can spend online. I don't make them get off the computer when they reach their time limit. Instead, I don't let them back on. That may sound harsh, but I think it's important for their sake that I set a limit — both for their good and for mine. You can read on https://www.familyorbit.com/blog/parental-controls-iphone/ how to restrict their time spent online. There you will find detailed steps.
Last edited by Oilama on Mon Dec 20, 2021 14:24; edited 1 time in total
After 1.5 days struggling I finally manage to get a script that will limits computer time per day of week for a ip address.
(not fully tested yet)
First you have to enable ssh, cron and jffs filesystem.
Save the script in /jffs/[scriptname]
Make it executable
Set up a cron job, lets say every 10 minutes
Tie the kids macaddress to a certain ip adress.
Edit time and ipaddress in the script and you should be rolling.
The script generate an access_log file in /tmp with timestamp and elapsed used time.
When limits is reach it writes iptables -I FORWARD [ipaddress] -j DROP
When the day rolls over to new day the counters is reset and is set iptables -I FORWARD [ipaddress] -j ACCEPT
You can anytime delete the access_log file in /tmp to reset the counters.
The script is a mess but this !/bin/sh forced me to use others methods to accomplish what I wanted.
Code:
#!/bin/sh
access_log=/tmp/lars_access
ipaddress=192.168.1.127
# limits in day of week in format hh:mm
limits1=01:10
limits2=01:10
limits3=00:05
limits4=00:05
limits5=02:30
limits6=02:30
limits7=00:05
u_time=00:00:00 # deafult counter value for user
s_time=$(date +"%T") # default for last time stamp
function drop_ip {
delete_rules
iptables -I FORWARD -d $ipaddress -j DROP
}
function accept_ip {
delete_rules
iptables -I FORWARD -d $ipaddress -j ACCEPT
echo accept
}
function write_log {
echo write log $1
touch $access_log # create new session_file
echo $1 > $access_log # write current time stamp + used time
}
# session sessions timestamp : 2021-12-12T21:55:58
# s_date session date : 2021-12-12
# s_time session time : 21:55:58
# u_time used time : 01:10
function read_session_log {
if test -f "$access_log"; then # exists session_file ?
savedIFS=$IFS
IFS=T read -r s_date s_time u_time <$access_log # split with T as delimiter to $s_date, $s_time $u_time
IFS=$savedIFS
if [ "$s_date" \< "$(date +"%F")" ]; then # if new session of the day
# u_time=00:00:00 # reset counter
rm $access_log # reset access_log file
write_log $(date +"%FT%T")T$u_time # write new session time stamp
fi
else
echo ny fil
write_log "$(date +"%FT%T")T$u_time" # init access_log file
fi
}
if [ "$u_time" \< "$maxlimits" ]; then # limits have not reach
#echo $u_time
# if [ 1 \< 2 ]; then # limits have not reach
TIME1=$(date +"%T") # current time stamp
TIME2=$s_time # last checked time stamp
#TIME1=12:31:01
#TIME2=11:30:00
# Convert the times to seconds from the Epoch
SEC1=`date +%s -d ${TIME1}`
SEC2=`date +%s -d ${TIME2}`
# Use expr to do the math, let's say TIME1 was the start and TIME2 was the finish
DIFFSEC=`expr ${SEC1} - ${SEC2}`
DIFF=`date +%H:%M:%S -ud @${DIFFSEC}` # format to hh:mm:ss
while [ "$uds" \> "60" ]; do # check against 60 sec
udm=$(($udm+1))
uds=$(($uds-60))
done
while [ "$udm" \> "60" ]; do # check against 60 minutes
udh=$(($udh+1))
udm=$(($udm-60))
done
if [ "$(expr length "$udh")" \< 2 ]; then
udh=0$udh
fi
if [ "$(expr length "$udm")" \< 2 ]; then
udm=0$udm
fi
if [ "$(expr length "$uds")" \< 2 ]; then
uds=0$uds
fi
u_time=$udh:$udm:$uds
write_log $(date +"%FT%T")T$u_time
but not all routers have this module (-m time)kerneltz..
for example Netgear R9000 or R7800 or even R7000 has it...those are large flash ram size routers...
Than again crafty kids may play a tricks and go around those rules, if they know what they are doing...its a cat's and dog's game.. _________________ Atheros
TP-Link WR740Nv1 ---DD-WRT 55630 WAP
TP-Link WR1043NDv2 -DD-WRT 55723 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55779 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55819 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55779 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
Read throw the ipset pdf but I didn't manage to get my head around on how to achieve my goal.
My goal is to set a fixed total timeslot on certain ip.
The "owner" of that ip can then decide how he/she distribute the internet time during the day.
The script check with arp if the ip is active and then counts up the counter from the last check.
So if the user don't use the internet (in other word he/she have shut down the device) the counting stops until he/she starts up the device again.
Hmm I think this script will not work on tablets as they are broadcasting now and then.
The current parent control in dd-wrt just sets a window where access is allowed. I want to set fixed time for example 1 hour and 15 minutes.
Read throw the ipset pdf but I didn't manage to get my head around on how to achieve my goal.
My goal is to set a fixed total timeslot on certain ip.
The "owner" of that ip can then decide how he/she distribute the internet time during the day.
The script check with arp if the ip is active and then counts up the counter from the last check.
So if the user don't use the internet (in other word he/she have shut down the device) the counting stops until he/she starts up the device again.
Hmm I think this script will not work on tablets as they are broadcasting now and then.
The current parent control in dd-wrt just sets a window where access is allowed. I want to set fixed time for example 1 hour and 15 minutes.
well..that's where i use my Gargoyle router, as there is a quota option...and it works out of the box...sadly in DDWRT there is not such a extra yet...just make sure you dont use it as an edge router as im not sure how well is maintained towards security patches...but it should provides some basic safe and sound level... _________________ Atheros
TP-Link WR740Nv1 ---DD-WRT 55630 WAP
TP-Link WR1043NDv2 -DD-WRT 55723 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55779 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55819 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55779 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913