Everything is working fine but I wanted to restrict internet from 10 pm ET to 11 PM. So, I created below traffic rule with Time in UTC checked. (Tried without checking the checkbox and provided 22:00:00 and 23:00:00 as start and end time)
Somehow this wont stop the internet at specified time. Am I doing anything wrong?
Additionally, I see below error message on system log, several times every minute. May not be related and I read the other thread about the same error but could not find any solution over there. I did not install anything other than the base firmware.
Sun Dec 29 11:38:09 2019 kern.err kernel: [126594.149932] cpufreq: __target_index: Failed to change cpu frequency: -22
Sun Dec 29 11:38:09 2019 kern.err kernel: [126594.197826] cpu cpu1: _set_opp_voltage: failed to set voltage (995000 995000 995000 mV): -22
Same behaviour here, and I'm trying to pinpoint the problem for months - I confess that I'm not working that hard on that thought... Here are my hypothesis for now on that I have on this situation:
Might have to do with the way the conversation was started (e.g. from inbound or from outbound). In this case maybe we need 2 rules, one to block in-to-out, and another one from out-to-in
Might be linked to Upnp. Maybe that helps evades restrictions. My router has it enabled for these pesky Xbox...
Already started connection seems not to be dropped. So something like a tunnel would not close immediately.
I'm using specific MAC devices to inject the curfew surgically, so this might also be a factor.
The moment I hit "Restart firewall" whenever I observe this inconsistency, my kids run downs from their bedroom asking if the Internet is down; nope, it's just time for meal!
Beware of smart kids like mines who connects on the guest WiFi, when you forget it open after a party, to bypass these restrictions .
Edit: OpenWrt 18.06.4 r7808-ef686b7292
Edit 2: (Removed, misleading)
Edit 3: This is not UPnP. This is how the rules are ordered that prevent this and there is a brief explanation in this OpenWrt wiki. You actually need to kill the active connections because they are not dropped but new ones are blocked.
Using the Scheduled Tasks, this is how I kill the WiFi connection from the clients, by MAC, that I want the rules to be enforced (restarting the firewall is too intrusive as it resets the connections for everybody):
DjiPi, Thank you for the detailed hypothesis. You are right, I think I may have multiple rules that may be conflicting each other. My internet is behaviour super weird in the last 24 hours. It goes off for some devices and not for others and coming back after a while. I never created any rules based on mac address.
I am not a n/w expert and it is taking lot of time to go through each option and understand. There are just so many options that came with the factory installation.
So I deleted the only forward rule I created and internet seems to be stable at the moment.
Like your trick restarting the firewall lol !!
Will try eduperez's method and see if that works. Will keep you all posted.
Quick update. I kind of made it work but is not consistent. Works roughly 8 out of 10 times.
First off, I had UTC as system time (silly me) and hence it was working sometimes when I set the start and end times in UTC. Then I changed the system time to ET and it is working at expected interval but not always. Still trying to understand if there is a conflicting rule.
Tried creating 2 rules 1 for Accept and other for Reject, still no luck. Will provide an update when I figure it out.
I have 2 questions.
1)Sometimes the computer from where I setup the firewall blocking rule (wireless, not connected via RJ45) is still able to access internet while all other devices couldn't. Is this expected behavior?
2)Do I need to reboot the router every-time I create a new rule or change an existing one?