Hello,
Has anyone heard of improvements that would reach Kid Control ?
I started using it and love it for its simplicity vs creating fw rules and address list with matching mac addresses.
That said it blocks all traffic and my goal would be to leave my kids access to the internal network, be able to print stuff, and only block traffic going through the WAN/Internet interface, either a specific interface of an interface list.
Thank you
I guess that it depends on your network setup and configuration, local traffic shouldn't go through the firewall, and what kids control does AFAIK is to add specific dynamic reject rules in the firewall.
Anyway isn't it possible to place an "accept local traffic" firewall rule above the dynamic ones created by kids control?
Thing is, the FW rule is added automatically, position 0:
And the automation also determines IP addresses assigned to the defined Mac addresses of the devices and automatically populate/update the related two rules, one to blocking src-ip forward and the other one dst-ip forward:
That said, rule 0 is editable, so I'll add my stuff and I'll see if it ever gets rewritten (which is what will eventually happen I believe 
)
I don't know, only thinking aloud, local traffic should normally go through the bridge without hitting the firewall, AFAICU 
, so you must have some particular settings in your network or devices?
Like use-ip-firewall in /interface bridge?
Or you could try explicitly accepting local traffic in nat?
Something like:
/ip firewall nat
add action=accept chain=srcnat dst-address=192.168.88.0/24 src-address=192.168.88.0/24 place-before=0