I have three teenage kids more techy than me. I want to block them via their mac address (they suss out changing the IP) to restrict access between a certain hour's say 10.00pm- 6am or 11pm-6am (obviously based on their age). I cannot find out how to do this. I've added their mac address as an object and added a schedule setting. Just need to know where to marry the two parts. I must be missing something as its so easy on other routers I've configured. Thanks in advance

You could try adding there IP as a reservation then they will always get the same IP address back. You can then do a strict bind to IP so if they change the IP they wont get on unless that IP is in the allow list.

Have a look at LAN > Bind IP to MAC then Strict Bind.

Good luck,

John

THanks
Ok understand that bit but where do you actually associate the schedule time & Ip. I have set up the IP as an IP object and the Schedule through the Applications menu. i.e where do you set it up?
Also I read somewhere that if the IP user has a "live" connection they stay connected! kind of defeats the object, most kids never come off.
Many thanks

David

Hello david,

you need to do this via the firewall options.

Go to the default data filter and add a new rule. Configure like so:

Direction: LAN - WAN
Source IP: (kids IP group)
Destination IP: Any
Service Type: Any
Action: Block Immediately
Schedule: (add number of schedule you created).

One thing to note about the schedule, force down doesnt work for firewall rules. Use the force up function, set it for 11pm and then set the number of hours you want to block them for. That should work. It might time out at midnight, in which case you need to create a second rule going from midnight to 6am.

Hi Frag,
Thanks a million,
Couple of questions on the schedule do you mean "force on" I cant find a "force up" also when you say "number of hours" I can set the period only. i.e 11pm - 6am - Or am I in the wrong menu?
Also I tried the bind Ip to Strict bind but it blocks every other ip except the one that is bound.
Many thanks
David

David,
Set up an IP object for each MAC address. Then set up an IP group which contains all those addresses. In the firewall general setup tick "enable strict security firewall" and the default rule to "block". This means that no traffic will flow unless there is a rule to allow it.

In the filter set rule, edit the source IP to be the group you defined, and set the action to allow. Set direction to be "LAN/RT/VPN ->WAN (or something similar - I use a 2920).

Click on the schedule link and set up some times to *allow* access from 6am for 17 hours (i.e. to 11pm). Note that the timer will only work until midnight, so if you set it for 2 hours starting at 11pm, it will only last an hour.

Set the schedule number in the firewall rule.

The call filter set works on "new connections" and the data filter work on "established connections" so you will want to make sure that both have a suitable rule (could be the same rule). Also remember to set the next filter set if required.

Finally, if you use the above method you will need to add more rules for your own machine because nothing else will be allowed access.

Hope that helps...

John