Please can we have a firewall rule grammar element that means we can apply a time-based rule to apply to a current connection.
I set up time and MAC based rules to force my kids off their devices late evening to morning but the rules only stop NEW connections. Another element to the rule should allow existing connections to be terminated on the time limit
e.g. something like: option force-close 'true'
or option end-lease 'force-close'
The idea being it would be part of a rule that specifies clients (by MAC) with open lan or wireless connections and closes the connection, so that the time based rule that rejects traffic applies.
This may be naive or wrong application of the tech but SOMETHING that achieves this goal seems like it needs implementing for many/most home networks where kids are using gaming, social media surfing or other typical teenager late night activities
Is an alternative (seems non-optimal) to define a static IP for their devices and can I force close those IP addresses at a given time irrespective of whether they're in use?
For whatever solution, it would be nice to be able to emit a 'coming up to time' message (a different but complementary time based rule, say 15 mins ahead), using a basic protocol, such as MQTT publish, that the target machine could display in notifications (via a custom MQTT client or perhaps Home Assistant).
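Because the time-based reject rule is only consulted for NEW connections while tracked, established flows are passed through, one way to get the effect asked for here is to clear the connection-tracking entries of the listed clients at the moment the rule comes into force, so their next packet is evaluated as a new connection and rejected. This is an added example, not code from the thread; it assumes an OpenWrt-style router with the conntrack-tools package installed and dnsmasq leases in /tmp/dhcp.leases, and the MAC and IP values in it are constructed.

```shell
#!/bin/sh
# Cut the existing flows of the clients named in a time-based MAC rule so the
# rule's reject applies to them immediately. Run from cron at the rule's start
# time. Assumes an OpenWrt-style router with conntrack-tools installed and
# dnsmasq writing its leases to /tmp/dhcp.leases (added example, not thread code).

LEASE_FILE="${LEASE_FILE:-/tmp/dhcp.leases}"

# Constructed sample in the dnsmasq lease format: expiry MAC IP hostname client-id
SAMPLE_LEASES='1700000000 aa:bb:cc:dd:ee:01 192.168.1.50 kid-phone 01:aa:bb:cc:dd:ee:01
1700000000 AA:BB:CC:DD:EE:02 192.168.1.51 kid-laptop *
1700000000 aa:bb:cc:dd:ee:99 192.168.1.10 parent-pc *'

# ips_for_macs LEASES MAC... : print the current IP of each listed MAC, one per
# line, in lease-file order. Comparison is case-insensitive; a MAC without a
# lease is skipped, since it has no flows to cut.
ips_for_macs() {
    leases=$1; shift
    printf '%s\n' "$leases" | awk -v want="$(printf '%s ' "$@" | tr 'A-F' 'a-f')" '
        BEGIN { n = split(want, a, " "); for (i = 1; i <= n; i++) if (a[i] != "") w[a[i]] = 1 }
        tolower($2) in w { print $3 }'
}

# flush_client IP : delete every conntrack entry that has IP as original source
# or original destination. conntrack exits non-zero when nothing matched, which
# is not an error here, hence the "|| :".
flush_client() {
    conntrack -D -s "$1" >/dev/null 2>&1 || :
    conntrack -D -d "$1" >/dev/null 2>&1 || :
}

# flush_macs MAC... : resolve the MACs through the live lease file and cut
# their tracked flows, logging each client so the cut-off is auditable.
flush_macs() {
    for ip in $(ips_for_macs "$(cat "$LEASE_FILE")" "$@"); do
        logger -t kid-cutoff "flushing tracked connections for $ip"
        flush_client "$ip"
    done
}

# Example crontab line that cuts flows at 21:00, when the reject rule starts:
#   0 21 * * * /root/kid-cutoff.sh aa:bb:cc:dd:ee:01 aa:bb:cc:dd:ee:02
if [ "$#" -gt 0 ]; then
    flush_macs "$@"
fi
```

The flush only removes tracking state; the time-based reject rule in the firewall still has to exist, and as a later reply in the thread points out, a MAC-keyed rule is only as reliable as the MAC the device presents.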
OK tried that and it immediately locked me and my family out of my router, before I even knew I should or could configure it. What kind of tech obsessed weirdo makes their product unusable by default!
Had to use (something like) https://about.opennds to get back in and uninstall openNDS.
TBH, I think my initial instinct was correct. A rule that wants to reject traffic on the network should just work, whether or not the connection's in use and if the firewall only checks for rules on new connections then it should be open to feature requests to change that for a more user-task oriented approach!
I speak as a UX designer on mainframes where, despite what people may think, we put the user experience at the centre of what we do, whatever type of user and whatever level of expertise they have.
Sorry @brada4, not having a go at you but that was a frustrating experience!
Just for the record, once I installed opennds, which I thought just captures port 80 and intercedes with a login splash page, I couldn't even ssh into my router on a custom specified ssh port!
Appreciated. I speak as an IT-dino who almost half a century ago got a comment from a client (major airline): "UI must be intuitive; no need for an operator guide. We have a lot of temp workers, we cannot afford to teach the usage of the terminal." And another statement: "There is no such issue like user error ..."
I'm pretty sure my one cuts off existing connections, but specifying clients by MAC often ends in disaster with MAC spoofing being the default in Apple and Android devices.
Enabling devices with known MAC might be a better idea?
In my setup I have two dnsmasq instances and have an isolated kids wifi and I just kill the wifi in crontab: