I know that this has been discussed, but as of today, what is considered best practices for banning an IP (or MAC address) from accessing the Internet (WAN zone) during certain times of the day? Primary use case: Defeating Internet access on certain devices for my kids at bed time.
You need to do it in firewall settings.
You go down to rules and you will find the following.
config rule
option name 'Reject LAN to WAN for custom IP'
option src 'lan'
option src_ip '192.168.1.2'
option src_mac '00:11:22:33:44:55'
option src_port '80'
option dest 'wan'
option dest_ip '194.25.2.129'
option dest_port '120'
option proto 'tcp'
option target 'REJECT'
You can check the doc and there is start_time, stop_time.
Be careful of the utc time. When I was using this it always in utc time.
This worked well, @alzhao. Many thanks!
One question, I haven’t found a good way to make the src_ip to be a range, e.g. 192.168.8.50-192.168.8.59. (I just manually add the rule multiple times, changing only the src_ip.) Any ideas?
I am not sure how to use range. Maybe add one by one.
This is what worked for me. I directly edited (after creating a backup) /etc/config/firewall
.
Place the following bock near the top of your firewall rules. Due to some OpenWRT CC bug, all times must be set in UTC. Repeat this for each IP you wish to block.
config rule
option name 'Reject LAN to WAN for custom IP'
option src 'lan'
option src_ip '192.168.8.50'
option dest 'wan'
option start_time '01:00:00'
option stop_time '10:00:00'
option target 'REJECT'