
Blueshoes

join:2010-10-02
Minneapolis, MN

USG 100 is there a "user" access time frame, allow/dr

I want to limit my daughter's time on the internet and drop access a couple of times a day for a couple of hours at a time. Saturday and Sunday need different times to drop. Where would I do this in a USG100?



Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:4

Re: USG 100 is there a "user" access time frame, allo

Well, ZyXEL uses an object called scheduling, which you use to set up one-time or recurring timeframes. Unfortunately, each schedule (start and stop) is one instance or one object, and they do not allow one to group schedule objects (how silly is that).

So you will need to create a firewall rule for every recurring schedule instance you wish to create. At least you can state which days of the week the time frame is valid within.

The easiest way to accomplish this, IMHO, is to create a LAN to WAN firewall that blocks all USERS using the object schedule that applies (let's say two for during the day M-F and one that covers Sat and Sun, so three rules). Now create a firewall rule on the list before those three that explicitly allows LAN to WAN access for your own use. Could be your PC, laptop, smartphone, etc.

LAN to WAN rules:
(1) allow rule any any for your IP (need to create object for your IP)
(2) block rule any any any (use the schedule object1) DENY
(3) block rule any any any (use the schedule object2) DENY
(4) block rule any any any (use the schedule object3) DENY

So for those times of day you're blocking all traffic: objects 1 and 2 during the week, and 3 for the weekend, as you have set up. But the firewall rule list first checks the rule allowing your IP to access traffic, so it's permitted.

Hope this helps.

Now there is one caveat. These schedules do not apply to ongoing sessions. In other words, if they are connected to a site (an ongoing session such as Facebook), the schedule time will not affect it. My understanding is it stops only new sessions.
--
Ain't nuthin but the blues! "Albert Collins".
Leave your troubles at the door! "Pepe Peregil" De Sevilla. Just Don't Wifi without WPA, "Yul Brenner"

LlamaWorks Equipment
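The rule order and the ongoing-session caveat from the post above can be checked with a small model. This is an added example, not part of the original post and not ZyXEL's implementation; the IP addresses, the schedule times, the default-allow fallthrough and the `established` flag are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, time
from typing import Optional

@dataclass(frozen=True)
class Schedule:
    days: frozenset   # weekday numbers, Monday=0 ... Sunday=6
    start: time
    stop: time        # windows here do not cross midnight

    def active(self, now: datetime) -> bool:
        return now.weekday() in self.days and self.start <= now.time() < self.stop

@dataclass(frozen=True)
class Rule:
    action: str                          # "ALLOW" or "DENY"
    source: str = "any"                  # source IP or "any"
    schedule: Optional[Schedule] = None  # None means always active

WEEKDAYS, WEEKEND = frozenset(range(5)), frozenset({5, 6})
PARENT_IP = "192.168.1.10"               # constructed address for rule (1)

# LAN to WAN list in the order given in the post; times are constructed.
RULES = [
    Rule("ALLOW", source=PARENT_IP),                                     # (1)
    Rule("DENY", schedule=Schedule(WEEKDAYS, time(16, 0), time(18, 0))), # (2)
    Rule("DENY", schedule=Schedule(WEEKDAYS, time(21, 0), time(23, 0))), # (3)
    Rule("DENY", schedule=Schedule(WEEKEND, time(13, 0), time(15, 0))),  # (4)
]

def decide(src_ip: str, now: datetime, established: bool = False) -> str:
    """Verdict for one LAN-to-WAN packet under first-match evaluation."""
    if established:
        # Caveat from the thread: the schedule only stops new sessions,
        # so a flow already in the session table keeps passing.
        return "ALLOW"
    for rule in RULES:
        if rule.source not in ("any", src_ip):
            continue                     # rule is for a different host
        if rule.schedule is not None and not rule.schedule.active(now):
            continue                     # outside this rule's time window
        return rule.action               # first matching rule wins
    return "ALLOW"  # assumed default: LAN to WAN permitted when nothing matches
```

Moving rule (1) below the DENY rules in `RULES` makes the parent's address blocked during the windows as well, which is why the post places it first.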


Kirby Smith

join:2001-01-26
Derry, NH
reply to Blueshoes

Depending on the level of networking sophistication of the parties to be blocked, to be certain that only your devices are allowed, you will have to bind your devices' MAC addresses to the IP addresses you have allowed.

The blocked parties' leaving the sessions ON as a work-around would be difficult to block without force majeure, which might be a 7-day programmable Intermatic timer at the fuse panel interrupting power to any outlets that are feasible for surreptitious computer use. Or, the power could just be interrupted for 5 minutes. This wouldn't help if the computers were battery or UPS powered.

What the routers need is a timing rule that flushes the session table on command. Most sessions would immediately be reconnected (if my experience with my Xincom is relevant -- the Xincom had a GUI button that could flush the table), but sessions that violate the firewall would, one hopes, not be reestablished.

There is a Donald Duck vs. his nephews access escalation comic plot in here somewhere.

kirby



Brano
I hate Vogons
Premium,MVM
join:2002-06-25
Burlington, ON
kudos:10

1 edit

said by Kirby Smith:

Depending on the level of networking sophistication of the parties to be blocked, to be certain that only your devices are allowed, you will have to bind your devices' MAC addresses to the IP addresses you have allowed.

Additionally, without the need for IP-MAC binding, you can simply create user accounts on the USG for members of your family and tie firewall rules to the users. Each user will have to log in to the USG to activate their internet access. This way you can create more granular access control and have an audit trail (logging) per user (activities such as accessed sites, times, transferred data, etc.).

...it's hotel-room-like internet access


Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:4

Nice Brano, I may use that one too.