Firewall Time Restrictions/Parental Controls Problems

I should add that yet again, this stopped my entire network from communicating with the WAN. I had to disable all the custom rules. I'm looking into making the fix now.

Different rule.

What does @rule[9] return?

1 Like

Ah right I see, thanks. I don't even know what this is. I think it was there by default and it has always been disabled.

root@*****:~# uci show firewall.@rule[-9]
firewall.cfg0b92bd.icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type'

uci show firewall.@rule[9]

root@*****:~# uci show firewall.@rule[9]

[/proc/self/fd/0:90:153-160: Error: Could not parse Day of week of packet reception]


Just for giggles, try changing the capitals to lowercase and run the sequence again.

1 Like

There is a fundamental flaw isnt there? These ideas focus on cuttting off access at the router, but surely kids can easily bypass this on their phones by disabling wifis and connecting to 4G?
If that is right then the real solution is to install commercial parental control software on their phones and laptops. You can easily configure this to enforce time restrictions as well as blocking undesirable content

Thanks. The rules i set earlier from scratch did not work. This was before i made any changes.

I also edited the fw4.uc file with the fix by the lines specified. I did this via WinSCP, saved the file then rebooted, but again it brought down the whole WAN connection and I couldn't recover it.

I took a backup and restored it which got me back online but obviously the issue with the weekdays messing things up still persists.

Maybe I should wait for a snapshot update to come out just incase I make things worse.

Correct, switching to 4G would bypass the restrictions, however you can actually sign up for NextDNS and set profiles on phones that way too. So even if they enable 4G their net is still filtered. Someone on my manual install thread does this. He maintains blocklists via NextDNS website and just uses AGH on his router as a NextDNS client as their client is... somewhat buggy. By using AGH with NextDNS as upstream it all works internally and when they are out on their phones it uses NextDNS directly as upstream.

Its a slightly better way of ensuring your privacy and maintaining blocking than running a vpn to tunnel you back to your home network while you are out and about. However it does mean you have to trust NextDNS with your browsing history. A self hosted AGH is completely under your control and logging is down to your choices.

AGH also has a public DNS which does similar i believe.

1 Like

I see there's a new snapshot out for my router.

@jow would you happen to know if this includes the weekday fix? I did try the fix manually, but I wasn't successful.;a=commitdiff;h=9972f7dca635392832810d2d43b663f08466b088#patch1

Thanks :slight_smile:

No, the fix is not included since the firewall4 package was not yet updated.

1 Like

You are most certainly correct. I do have parental controls in place on my older child's phone which they sometimes get around, but I usually catch them in the end. It should be easier to limit the other devices though, seeing as they don't often go outside the home network. I have tried some parental controls such as the Microsoft one and Bitdefender, but they have not worked too well. Bitdefender in particular was an absolute omnishambles.

It's a constant game of cat and mouse, but we can only do our best, which is much better than doing nothing at all in my opinion.

Ok Thank you! I'll have another go at the workaround and see how I go :slight_smile:

Thanks for that. I had thought about setting up a home VPN and setting the phone up this way. I have a decent upload, so it's certainly possible to do without causing any real performance issues. I'm not so much bothered about the phone anyway seeing as the Family Link app (mostly) works and I can take my child's phone off them easy enough. It's all the other devices (laptops, firesticks, smart TV etc) that I'm trying to limit as well. If one device is blocked, they'll naturally just try the next one.

1 Like

I had another go at the fix by modifying the '-' lines with the '+' lines as below. I did this by editing the fw4.uc file via WinSCP. I then saved the change and restarted the firewall. I did not receive a parser error this time, so I thought this might be it. I created a new rule and tested it but again, the rule did not apply when selecting days. I also restarted the router and set a new rule up again but still no luck.

-                               if (substr(choices[i], 0, length(val)) == val)
+                               if (lc(substr(choices[i], 0, length(val))) == val)
                                        return choices[i];
                for (let day in to_array(rv.val)) {
                        day = this.parse_enum(day, [
-                               "monday",
-                               "tuesday",
-                               "wednesday",
-                               "thursday",
-                               "friday",
-                               "saturday",
-                               "sunday"
+                               "Monday",
+                               "Tuesday",
+                               "Wednesday",
+                               "Thursday",
+                               "Friday",
+                               "Saturday",
+                               "Sunday"

It's working! It looks like a missed something when editing the fw.uc file but seems to be working fine now after I had some assitance from my brother. I've just done a few tests with days selected and it worked. I will know for sure when the kids go mad later when all their devices go offline :laughing:

Thanks everyone for the help and to @jow for coming up with a quick fix!

1 Like

If your problem is solved, please consider marking this topic as [Solved]. See How to mark a topic as [Solved] for a short how-to.

1 Like

Just a thought... but given it worked when u were editing directly with WinSCP? It may have been you had CR/LF in your file rather than just LF. (unix only uses Line Feed. Windows uses Carridge Return/Line Feed.) And this will make unix barf at times. I just had this with someone else in another thread. I wonder if that has been part of the issue? I know there was a fix due to the fault in fw4 but i suspect your other issue was the windows/unix translation.

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.