Timed Access on Routers Supporting IPTABLES (aka “Parental Control”)

With two teenagers in the house and important exams always on the horizon, I needed to limit access to the Internet, particularly when they should be sleeping! Many parents will be familiar with this scenario – you say goodnight and then you hear the familiar “ping” as a Facebook/Instagram/SMS/… notification goes off on their phone. Not good.

I’m currently using OpenWRT on my Linksys WRT-1900ACS v1 router which doesn’t have this sort of access control built in. After much research, I started playing around with IPTABLES rules and hit a snag in that whilst new connections would be rejected, existing connections could keep opening links on the same website – as my youngest watches lots of gaming videos on YouTube, this wasn’t a solution.

Then in a stroke of luck, I stumbled across these 2 rules (which need to be placed in /etc/firewall.user):

iptables -I INPUT -m time --kerneltz --timestart 22:30 --timestop 08:00 -m mac --mac-source xx:xx:xx:xx:xx:xx -j REJECT
iptables -I FORWARD -m time --kerneltz --timestart 22:30 --timestop 08:00 -m mac --mac-source xx:xx:xx:xx:xx:xx -j REJECT

the –kerneltz switch means local time – without it, the times are UTC. You will need to replace xx:xx:xx:xx:xx:xx with the MAC address of the device you wish to control.

I tested this watching a YouTube video and it stopped when the rule triggered.

Result!

This should work with any router that allows you to configure IPTABLES manually or in the GUI.