I've made a Luci module, which allows to restrict the access to the internet for specific hosts.

http://k-szuster.github.io/luci-access-control/

You can block internet access for any single host. The hosts are  chosen
by MAC found on a simple  pop-up list.
Every host may be blocked permanently or have it's own"From time" - "To time" rule. You cam switch on/off each  individual rule or the whole filter by single click..

The existing solutions were not satisfactory for me (although inspiring):
- wifischedule blocks all wifi, bot specific hosts, and not wired LAN ethernet connection
- Mom's Internet Access is close to my needs, but too complicated to build for non-hackers and not integrated with Luci.
- Gargoyle has got sophisticated filtering, but... too sophisticated for every mummy. After all, not every platform supports Gargoyle (mine not).
- Manual editing of iptables' ruless - not for everyday use.

Simple installation: don't build ipk if you don't wish to, just copy a few files to your router. No scripts and  daemons to be cross-compiled. It just makes use of the standard OpenWrt firewall.

Enjoy

Good job. Can You add option for day of the week?

How can the whole module "luci-access-control" be switced on/off by schedule? (enabled/disabled)

It'd be very nice to have the same, but specificating the day of the week.

Thank you in advance,

There is a global switch for the module.
You can reach your goal by simply modifying existing schedules. There is no schedule to control other schedules :-) I prefer to keep things simple.

Anyway, thanks for all comments. I'm going to add filtering by the days of week.
I can add week days into rules, or alternatively:l make a separate table for schedules and allow selecting a schedule for each rule.

Thanks for adding days of week. Simply tickboxes, or similar, with the days if week would be perfect

Hi, can You specify how can i change the global switch with a script, please ?

Not that simple, because all logic is in lua script. You need to do the same in a script. Make a script containing the following:

#!/bin/sh
VAL=$1
if [ "$VAL" != 0 ] && [ "$VAL" != 1 ] ; then
    echo Supply argument: 0 or 1
    exit 1
fi

CNT=0

uci set access_control.general.enabled=$VAL
while uci get firewall.@rule[$CNT] >/dev/null 2>&1 ; do
    ON=`uci get firewall.@rule[$CNT].ac_enabled 2>/dev/null`
    if [ $? == 0 ] ; then 
        if [ $ON == 1 ] ; then
            ON=$VAL
        else
            ON=0
        fi
        uci set firewall.@rule[$CNT].enabled=$ON
    fi
    CNT=$((CNT+1))
done
uci commit
/etc/init.d/firewall restart

Invoke it with argument 0 or 1.

Hi,
my name is Joerg and I am new here. I am trying to config my TL Wdr 3600. Until now I have installed CC 15.05.

I tried to run this nice Luci module. There for I copied all the files to the router and made a reboot. I can see in Luci the Access Control under Network. When I try to open it with IE or chrome, a failure appears. Website not available. What could be the reason there for?

Chrome gives me the following response:

/usr/lib/lua/luci/dispatcher.lua:433: Failed to execute cbi dispatcher target for entry '/admin/network/access_control'.
The called action terminated with an exception:
/usr/lib/lua/luci/cbi.lua:311: Unable to read UCI data: access_control
stack traceback:
    [C]: in function 'assert'
    /usr/lib/lua/luci/dispatcher.lua:433: in function 'dispatch'
    /usr/lib/lua/luci/dispatcher.lua:168: in function </usr/lib/lua/luci/dispatcher.lua:167>

(Last edited by jz2000 on 21 Nov 2015, 14:09)

The software does work with CC, as reported by many. What I can suggest is to make sure you have installed all files properly.
To make things easier, I added a ipk package to the repository. You can copy it to you router and opkg install it.

I have "OpenWrt Chaos Calmer 15.05 / LuCI (git-15.248.30277-3836b45) "
and the module works as expected.

Thanks for the work this is what I was looking for.  Do you still plan to add the day of the week check box.  I only restrict access Sunday thru Thursday(school night) and would love to be able to set it and forget it.

That script "kills/turns on"  all firewall rules. If there are other custom rules, not only the access control rules - they will be killed also ???

(Last edited by dnk on 23 Nov 2015, 14:29)

No. The rules added in the Access Control section are marked with additional field: ac_enabled. Te above script affects only records containing this field.

This should be implemented directly into the openwrt package.
Just, you know, add  the days of the week?
Thanks!

NEW VERSION AVAILABLE

Added filtering by week day.

Package ready to install on all platforms:
https://www.dropbox.com/s/suxf7vdleerbc … l.ipk?dl=0

...and a sample screen shot:
https://www.dropbox.com/s/26z6nu7d015n5 … t.png?dl=0

If you'd like to build the package yourself, there is source repository:
http://k-szuster.github.io/luci-access-control
as a Luci app, and:
http://k-szuster.github.io/luci-access-control-package
as a standalone package.
Both contain the same code.

Great job !!

Thank you very much this is perfect!!

Awesome job! It is exactly what I want!

NEW VERSION AVAILABLE

Now, it works properly with Openwrt Luci theme. Some minor bugs are fixed.

Package ready to install on all platforms:
https://github.com/k-szuster/luci-acces … .1_all.ipk

Source repository:
http://k-szuster.github.io/luci-access-control
as a Luci app, and:
http://k-szuster.github.io/luci-access-control-package
as a standalone package.
Both contain the same code.

Great job !! Have Many Thanks!

Yes Great Job!!

Would it be possible to block certain ports like 80 or 22  or 80,22,443 and leave everything else alone?

Thanks Again

This task is different from what I needed. Your proposal (and some other's) is to make  a universal traffic filter with time control. Such universal filter is already there. It only misses scheduling. To achieve the goal, the firewall should be extended by adding schedules similar to those in "internet access scheduler".
Technically this is simple, it requires modification of firewall lua scripts. Low level firewall/iptables software would remain unchanged.
Such firewall rules, as general, would cover the functionality of my software.
Anyway, the above approach means modifying existing Luci system, which is hard task for me. Perhaps you should ask Luci maintainers? I am ready for collaboration.

I don't think this works with the recent update.  Is it just me?

This isn't available over Luci > System > Software > Available packages? if not, it will be?