Ok so heres what im trying to do... havent yet installed OpenWRT as i want to make sure it can do what im after...
Will be using a Linksys WRT-1900ACS
WAN port - connects to ISP supplied (crappy) router (which i have to use) - set Wan side ip to
WAN 192.168.1.2 / 255.255.0.0
Local Side - 192.168.0.1 / 255.255.255.0 (Gateway)
Configuring general connections seems basic enough and easy to sort from what i've seen so far...
But - i want to limit my kids net access.. i only use static ip's and use mac filtering to stop anyone else just plugging up and assigning them a IP within my network range and getting free access...
I also want to block ALL websites access for specified IPs/MAC's except for the websites i choose to allow them to access <-- Is this possible..?
I also want to set times for them to have INTERNET access - and when thats not allowed only SMB access to a media server on the local network...
E.G. Friday 6am - Sunday 10.30pm / Wednesday 6am - Wednesday 10.30pm.. and the off days just local SMB access to media server on my local network
I used to use a TP-Link router which did allow me to do all of that except blocking all websites apart from the ones i specifiy...
Anyone able to give me a heads up - if thats all possible and easy enough to do..?
One must always consider the time invested vs the defeatability of the solution.
The tricky requirement in your needs is per ip/mac "whitelisting"..... That might take some study or assistance. The good news is that most of the solutions are very easy to maintain / change..... it's just choosing one/options that are better suited to your needs and being realistic about what it will do and how much time your willing to put into configuring it.
You sound fairly knowledgeable... basically if you see this as something you'd like to tinker with ongoingly..... it could be a good endeavor.......
To start with if you go ahead..... try to avoid complex solutions.... there are a plethora out there.........
Blocking websites other than a whitelist... The best way to do this is to run a squid proxy. You block outgoing connections to port 80 and 443 and then force your LAN machines to set a proxy. Now you use ACL definitions to restrict what the kids machines can access. Using IP address of the kids machines and a whitelist of domains.
Any other method works much less well. One major reason is that many websites DNS resolve to the IP addresses of content delivery networks, so you can't block at the IP address level you must block at the domain name level, and this can only be done by a proxy configured explicitly. TLS connections won't work without the explicit proxy config.
Once you have a proxy you can do lots of other good stuff, like DSCP tag video streams or set time of daay restrictions. I have my proxy firewall tag data from googlevideo.com and then calculate a daily quota and shut off YouTube after 1.5GB per day using firewall quota rules. I find this infinitely better than constant negotiations, and my kids like it better too.