Hi. I do have a RB750g that acts as myain router and i would like to restrict access to certain sites (tiktok, Facebook, some others) for x minutes for each MAC. As an example, when one of the MACs in the list Access one of the websites in the list, then start a counter for 20inutes and then block access for this MAC only to these sites.
The next MAC on the list will have its own 30minutes counter to access these sites.
Its a project for a small community group that many kids come around and access these sites. So we would like to restrict it at some level
Clients are free to change their mac when they wish to.
Lets start with those that cannot change their MAC and we will move on that direction aftewards.any idea on how to do it for fixed MAC, please?
1.) Create specific LAN subnet for those clients you want to apply the limitatin on.
THis then allows you to just use the IP address and add it into an time-out address list.
(using MAC is less flexible as you can not create lists to be used in firewall).
2.) create firewall rule in forward chain in following order (you can also search a bit in kid control posts).
- action accept if IP is in ACCEPT_IP_List
- action drop if IP is in Overrun_Time_IP_List
- action add IP to ACCEPT_IP_List timeout=30min
- action add IP to Overrun_Time_IP_List timeout=1h
This means once connected, the IP has 30 minutes, and then 30 minutes time out (1h-30 minutes connection time).
Once time out over of 1h, they can again connect.
Thanks a lot for the reply. That seems to be something in the way that i am looking. The difficult part is the implementation. Since i am not very familiar with Mikrotik, may i ask if you could elaborate a bit more in the code please?