Community discussions

 
User avatar
jp
Long time Member
Long time Member
Topic Author
Posts: 599
Joined: Wed Mar 02, 2005 5:06 am
Location: Maine
Contact:

tool kid-control

Fri Dec 29, 2017 7:07 pm

Found it playing with command line completion in the CLI of 6.41

Nothing in search results or official documentation.

I'm very interested. Anyone played with it or have further documentation?
 
rjscomms
Member Candidate
Member Candidate
Posts: 132
Joined: Fri Jan 28, 2011 12:22 pm

Re: tool kid-control

Sat Dec 30, 2017 1:24 pm

Hi jp,

I had a look myself but got stumped on the user part under the device section.

I tried adding a normal user and a hotspot user (although the hotspot server was not running) and it did not accept the name I tried to enter for the user part.

It does look interesting though. I'll try to remember to keep an eye on the wiki recent pages link.

Dave.
 
User avatar
jp
Long time Member
Long time Member
Topic Author
Posts: 599
Joined: Wed Mar 02, 2005 5:06 am
Location: Maine
Contact:

Re: tool kid-control

Tue Jan 09, 2018 10:38 pm

It's been updated in the wiki!
 
User avatar
doneware
Trainer
Trainer
Posts: 539
Joined: Mon Oct 08, 2012 8:39 pm
Location: Hungary

Re: tool kid-control

Mon Jan 15, 2018 10:39 pm

It's been updated in the wiki!
https://wiki.mikrotik.com/wiki/Manual:Kid-control

btw, the last 42rc (rc9) refers to it as /ip kid-control.

to be honest, identifying devices by their IP address is kind of dumb. especially since dual stack is not a thing and most of our kid's devices support seamlessly IPv6. i learned it on a hard way - got my fine-tuned parental control stuff running ~2yrs ago and next day they were still watching youtube videos instead of doing their homework. iOS just uses whatever it is available, so the videos fell back to IPv6 as the browser realised the v4 content is accessible no more, without any user intervention.

and since all the devices implement IPv6 privacy extensions, a simple v6 capable terminal can have multiple v6 addresses simultaneously.

so my approach is based on mac address: i set up a mangle rule both for v4 and v6, where i assign all the device's mac addresses to a marked connection, then in _both_ firewalls (v4/v6) i can easily match on the flow and apply the necessary enforcement.
 6    chain=prerouting action=mark-connection new-connection-mark=kid1 
      passthrough=no src-mac-address=48:D7:05:AB:CD:EF 

 7    chain=prerouting action=mark-connection new-connection-mark= kid1 
      passthrough=no src-mac-address=88:CB:87:AE:12:34 

 8    chain=prerouting action=mark-connection new-connection-mark= kid2 
      passthrough=no src-mac-address=AC:87:A3:EF:53:D1 

 9    chain=prerouting action=mark-connection new-connection-mark= kid2 
      passthrough=no src-mac-address=5C:F5:DA:C7:F2:13 
then scheduled events can enable & disable the respective firewall rules based on their "comment" value using regex matching.
i hope the kid-control will also utilise mac addresses soon.
#TR0359
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 24259
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: tool kid-control

Tue Jan 16, 2018 2:39 pm

Fixed the manual. It was moved to IP in last RC
No answer to your question? How to write posts
 
pe1chl
Forum Guru
Forum Guru
Posts: 5913
Joined: Mon Jun 08, 2015 12:09 pm

Re: tool kid-control

Tue Jan 16, 2018 3:29 pm

to be honest, identifying devices by their IP address is kind of dumb.
I agree, and it is a bit discomforting that even today such a feature is moved from "tool" to "ip", apparently not recognizing the fact that there is "ipv6" as well.
IPv6 still appears to be very low on the MikroTik priority list. Most of the existing features and all of the new stuff only supports IPv4.
 
User avatar
AlainCasault
Trainer
Trainer
Posts: 624
Joined: Fri Apr 30, 2010 3:25 pm
Location: Laval, QC, Canada
Contact:

Re: tool kid-control

Tue Jan 16, 2018 4:35 pm

To be honest, what is it that we couldn't do before by using fw filters and other facilities? I've been doing kid control for years.


Sent from Tapatalk

___________________________
Alain Casault, Eng.
If I helped you, let me know!
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 24259
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: tool kid-control

Tue Jan 16, 2018 4:36 pm

That's not the point. It's an interface for easier management of firewall rules. There will also be an App for this. More features will come too.
No answer to your question? How to write posts
 
User avatar
jp
Long time Member
Long time Member
Topic Author
Posts: 599
Joined: Wed Mar 02, 2005 5:06 am
Location: Maine
Contact:

Re: tool kid-control

Tue Jan 16, 2018 11:57 pm

Much appreciated Normis. I think this could help us bring Mikrotik more into the residential market, where it's mostly mikrotik==business for us at the moment.

Regarding using mac address instead of IP would not solve anything.. Many devices can produce a random mac address for security purposes. If they don't do that, there is a good chance you can alter the mac address.
 
reinerotto
Member
Member
Posts: 437
Joined: Thu Dec 04, 2008 2:35 am

Re: tool kid-control

Fri Jan 19, 2018 4:32 pm

>Regarding using mac address instead of IP would not solve anything.. .<
No. Because it depends upon, how to use the MAC.
ALmost 2 years ago I did a commercial parental control device (AP/router) on openwrt, based on MAC-control. And DNS-hijacking. Unknown MACs have everything blocked, so faking the MAC addrs does not help.
Again, trying to put an application on top of RoS, which is too limited in functionality to achieve the goal perfectly.
Similar to hotspot functionality.
Open RoS, and the scenario changes.
 
netbus
newbie
Posts: 45
Joined: Mon Sep 04, 2017 12:42 pm

Re: tool kid-control

Sun Feb 04, 2018 12:55 pm

Currently it is not working in 6.41.rc15.
No matches in dynamic Rules

Edit: I mean 6.42.rc15
 
User avatar
lewekleonek
just joined
Posts: 6
Joined: Sun Feb 04, 2018 7:06 am

Re: tool kid-control

Fri Feb 09, 2018 3:04 pm

How come that everyone including MikroTik's wiki site: https://wiki.mikrotik.com/wiki/Manual:Kid-control says that kid-control is done under:
/ip kid-control
in 6.41.

hAP ac here with 6.41.1 upgrade (both RouterOS and Routerboard firmware) and I still see that kid-control is under:
/tool kid-control
Am I missing anything here?
 
netbus
newbie
Posts: 45
Joined: Mon Sep 04, 2017 12:42 pm

Re: tool kid-control

Thu Apr 19, 2018 4:32 pm

because ROS 6.42 is out I tried to give /ip kid-control a chance but I didn't figure out how it works
I tried diffrent time windows but there is no dynamic reject policy set. when I manual pause some kid then ROS is setting dynamic reject policy.

And the second thing I don't unterstand is "time for rate limited"
when I set some time window then this schedule is working reverse. for example I set 20:00 - 07:00 but queue is triggered from 07:00 - 20:00
Can anybody confirm?
 
gotsprings
Forum Veteran
Forum Veteran
Posts: 776
Joined: Mon May 14, 2012 9:30 pm

Re: tool kid-control

Thu Apr 19, 2018 6:35 pm

Testing it for the first time in 6.42.

I don't see a dynamic firewall rule anywhere... and the "blocked device" is not blocked at all.
"It ain't what you don't know that gets you into trouble. It's what you know for sure that just ain't so."
Mark Twain
 
maidinekhalid
newbie
Posts: 29
Joined: Mon May 18, 2015 2:13 pm

Re: tool kid-control

Tue Apr 24, 2018 12:20 pm

Testing it for the first time in 6.42.

I don't see a dynamic firewall rule anywhere... and the "blocked device" is not blocked at all.
It's the same for me
 
rasak
just joined
Posts: 1
Joined: Mon May 14, 2018 2:12 pm

Re: tool kid-control

Mon May 14, 2018 2:30 pm

Hi, been trying to setup the Kid Control, however, it seems not to be working at all via WebFig :(

Kid added, Device added. But its impossible to create a schedule and Rate Limit via WebFig. Even manually pausing the kid doesn't work - no FW rule created

but:

it works (limited functionality) when this is set via ssh. Then Im able to limit the schedule, devices and stuff. But Rate limit doesn't work at all.
Data in WebFig is not updated at all (time schedule). I need to apply the rate limits, any ideas?

Tried on 6.42.1, the upgraded to 6.43rc11 - no change
You do not have the required permissions to view the files attached to this post.
 
etienneschwiz
just joined
Posts: 4
Joined: Thu May 10, 2018 7:20 pm

Re: tool kid-control

Tue May 15, 2018 4:09 pm

There already is an Android App that works with Mikrotik for kid control using standard FW rules.

Its called LANwize.

www.lanwize.com
Last edited by etienneschwiz on Tue May 15, 2018 4:56 pm, edited 1 time in total.
 
netbus
newbie
Posts: 45
Joined: Mon Sep 04, 2017 12:42 pm

Re: tool kid-control

Tue May 15, 2018 4:41 pm

thanks for sharing this nice app but this app is independet from the mikrotik kid-control feature.
so we want to get the kid-control feature fixed.
 
netbus
newbie
Posts: 45
Joined: Mon Sep 04, 2017 12:42 pm

Re: tool kid-control

Fri May 25, 2018 12:45 pm

Now with 6.42.2 it looks a litte bit better but there is a problem with the dynamic Policies which are generated.
They are added to the bottom of the Filter Rules wich means, they never will get traffic.
Whereas for example Hotspot is adding his Policies to the top of the Filter Rules.
Please Mikrotik, get this fixed.
 
User avatar
nichky
Long time Member
Long time Member
Posts: 527
Joined: Tue Jun 23, 2015 2:35 pm

Re: tool kid-control

Fri May 25, 2018 2:25 pm

I found some strange i want to share with you.

I've got issues with limitations the traffic. Simple i can specify the time e.g. 15:00:00 17:00:00, and if i set up same on Time For Rate Limited: 15:00:00 17:00:00 it will no work. I have to set up like 15:00:00 15:00:00

Rate Limit=1M

Anyone can shere experience about that.

Thanks
Nikola Suminoski
MikroTik Consultan
MTCRE l MTCWE

!) Safe Mode is your friend;
 
skept2it
just joined
Posts: 9
Joined: Sat Mar 03, 2018 3:47 pm

Re: tool kid-control

Wed May 30, 2018 11:03 am

Really a great idea kid control but as said earlier the rules need to be added in the beginning!
At the end after a "drop all" they will not work (as it is now).

Solution could be:
make one chain for kid-control that user can place in the firewall rules where wanted (after drop invalid etc. and before drop all statement?)
and those rules are always added into that chain...

Regarding the bandwidth control do you have other queues already setup for the interface for instance or hotspot level?
Those might overrun the kid control bandwidth or interfere somehow with it and I would only use one place to define queues.
---
cap hap map snap.....miam miam
RB4011, that looks good....
 
Budit
just joined
Posts: 2
Joined: Tue Jun 12, 2018 10:55 am

Re: tool kid-control

Tue Jun 12, 2018 11:02 am

I have the same problem as NetBus in that the policy is applied to the bottom of my firewalls and does not work. why would it not go to the top. I can't see anyway to do this? Anyone have a solution? Thanks
 
skept2it
just joined
Posts: 9
Joined: Sat Mar 03, 2018 3:47 pm

Re: tool kid-control

Wed Jun 27, 2018 1:19 pm

Kid control firewall rules position is fixed now in latest routers release.
They are added in the top first position.

Note that it seems only reject rules are added. To "accept" I believe you need to do your own (which makes sense).

Envoyé de mon SM-G930F en utilisant Tapatalk

---
cap hap map snap.....miam miam
RB4011, that looks good....
 
vacari
just joined
Posts: 7
Joined: Fri Mar 04, 2016 2:56 am

Re: tool kid-control

Wed Jul 18, 2018 6:43 pm

Any day of the week that contains 00:00:00-00:00:00 causes the internet to be released every other day, even if you have restrictions on time.
to solve this temporarily I had to put in the other days (those that should be released) 00:00:01-23:59:59.
Thanks
 
woro
newbie
Posts: 47
Joined: Sun May 24, 2015 12:47 am

Re: tool kid-control

Thu Nov 01, 2018 12:05 am

Meanwhile I'm on 6.43.4 and the Tik App was updated as well recently to provide user friendly (first level) kid control feature.
But still when I'm using winbox to enable/disable/configure kid-control I see incomplete firewall rules created (e.g. just for two devices instead of the configured three), I do not see them removed or disabled when I disable the "kids" and so on.
Can someone please clarify the status of that feature in 6.43.4 and if it supposed to work tell us how to use it to really make it work?

EDIT: And also provide information about the IPv6 feature. If you want to address not-that-advanced users (aka home users?) then you need to consider IPv6 meanwhile as almost all ISPs provide native nowadays. And actually it makes around half of my traffic already. Speaking of youtube when I think of my kids.
 
pe1chl
Forum Guru
Forum Guru
Posts: 5913
Joined: Mon Jun 08, 2015 12:09 pm

Re: tool kid-control

Thu Nov 01, 2018 10:23 am

And also provide information about the IPv6 feature.
It appears that MikroTik consider IPv6 a bolt-on feature, not an integral part of the internet protocol suite that has to be supported in all facilities on the router.
There is lack of IPv6 support in many parts of RouterOS. kid-control is just one of them.
 
woro
newbie
Posts: 47
Joined: Sun May 24, 2015 12:47 am

Re: tool kid-control

Mon Dec 03, 2018 8:31 pm

I'm still hoping someone can bring some insight into why I do not get firewall rules created in most of the cases? Currently never.
 
davidja
just joined
Posts: 20
Joined: Mon Aug 11, 2014 10:14 pm

Re: tool kid-control

Fri Dec 07, 2018 8:13 pm

I am on the latest version and get blocked. Cant unblock at all. Any help appreciated
 
redwood
just joined
Posts: 2
Joined: Thu Dec 13, 2018 8:23 am

Re: tool kid-control

Thu Dec 13, 2018 8:58 am

I was just playing with kid-control and found that it would only create the filter rules when the device tried to communicate.
Also, you can't have an end time of 00:00:00 for any of your time settings. Setting 00:00:00 for any setting means the rules will never start.
 
netbus
newbie
Posts: 45
Joined: Mon Sep 04, 2017 12:42 pm

Re: tool kid-control

Thu Dec 13, 2018 6:59 pm

does it work for ipv6 as well?

Gesendet von meinem CLT-L29 mit Tapatalk

 
michalkordac
just joined
Posts: 2
Joined: Fri Sep 30, 2016 6:00 pm

Re: tool kid-control

Tue Dec 18, 2018 11:41 pm

Hi everyone,
figuring out the required time format input is quite difficult, as it is not documented anywhere in the mikrotik help. After some filing and guessing based on the examples I discovered it takes the following:
hh:mm:ss-hh:mm:ss
in 24h format. If the end of the day is needed, webfig will be satisfied with
1d 0:0:0
. I hope this helps.
Another issue there is, you have to reload the page (and log in again) to get thee content refreshed. Well it's just a web page and the content is not dynamic. Maybe some later version.

A real bug I still have is with attempts to use the rate-limit function. It appeared to work just fine during the initial setup. It seemed to me, that to get the rate limited, both the connection had to be allowed for the time of the day and also the "time for rate limited" connection had to be active. A rule was being generated in the Queues sections. Surprisingly, after few days, this does not happen anymore. Either something had changed, or as the rules were getting an ordered numbers every time the rule was generated, the system run out of rules to apply. In this case maybe it would be better, if the rules were generated only once (or if non-existent) and then just enabled/disabled based on the schedule.

All the above was verified using the 6.43.4 (stable) version of the RouterOS.
 
dougemes
just joined
Posts: 1
Joined: Tue Dec 25, 2018 7:42 am

Re: tool kid-control

Tue Dec 25, 2018 7:52 am

the time selection broke 2 months ago. I used to be able to run all the way to midnight, now you cannot have a 24 hr on for kid control. and the minutes have been deprecated so for now I have 00:00:00 to 23:59:00 to get a couple of them to run ALMOST 24 hours. when is this going to be fixed?
 
erlinden
Member Candidate
Member Candidate
Posts: 173
Joined: Wed Jun 12, 2013 1:59 pm

Re: tool kid-control

Sat Dec 29, 2018 10:54 pm

[Update]
It seems to work with the settings shown underneath...

I want to use the Rate Limit in combination with Time For Rate Limited. My preferred schedule would be:

24x7 Internet access
Every day, limit at these times:
00:00:00-07:30:00
11:30:00-16:00:00
20:00:00-00:00:00

Though it seems obvious, I don't seem to get it to work. Any help?
Image
 
User avatar
Bigfoot
Frequent Visitor
Frequent Visitor
Posts: 76
Joined: Sat Jan 15, 2011 10:41 am
Location: South Africa

Re: tool kid-control

Thu Jan 03, 2019 10:24 am

Looks like kid-control is broke.
 
netbus
newbie
Posts: 45
Joined: Mon Sep 04, 2017 12:42 pm

Re: tool kid-control

Thu Jan 03, 2019 10:30 am

Looks like kid-control is broke.
it was never working before Image

Gesendet von meinem CLT-L29 mit Tapatalk

 
User avatar
Bigfoot
Frequent Visitor
Frequent Visitor
Posts: 76
Joined: Sat Jan 15, 2011 10:41 am
Location: South Africa

Re: tool kid-control

Thu Jan 03, 2019 11:16 am

I have logged a Ticket with MikroTik Support #2019010322002594, let's see what happens. 8)
 
baragoon
Member Candidate
Member Candidate
Posts: 125
Joined: Thu Jan 05, 2017 10:38 am
Location: Kyiv, UA

Re: tool kid-control

Thu Jan 03, 2019 12:17 pm

I have logged a Ticket with MikroTik Support #2019010322002594, let's see what happens. 8)
will be fixed with ROS7 (c) :lol:
 
netbus
newbie
Posts: 45
Joined: Mon Sep 04, 2017 12:42 pm

Re: tool kid-control

Wed Feb 27, 2019 4:52 pm

anyone tried with 6.44?
for me it's still not working
also tested the new "website" feature which states "kidcontrol not running"

Gesendet von meinem CLT-L29 mit Tapatalk

 
victorkemp
Trainer
Trainer
Posts: 4
Joined: Fri Aug 11, 2017 10:27 am

Re: tool kid-control

Thu Mar 28, 2019 3:35 pm

Hi

Don't know if this is useful but someone showed me this method to get it working.
Just a simple example:

Kids - 1 for each user group
General wifi users
Sun to Sat 00:00:00-1d00:00:00 limit at 3M
Abusers
Mon - Frid 07:00:00-17:00:00 limit aT 1m
EXCO
Sun to Sat 00:00:00-1d00:00:00 limit at 5M
Support
Sun to Sat 00:00:00-1d00:00:00 limit at 4M

Devices are populated autmatically from L2 info gathered (ARP)

To add dynamic simple Queue
double click (select) each device and add to a group by copy)

MKT adds firewall filter rules dynamically for each IP address.
 
victorkemp
Trainer
Trainer
Posts: 4
Joined: Fri Aug 11, 2017 10:27 am

Re: tool kid-control

Thu Mar 28, 2019 3:39 pm

Is Kid control supposed to be added to any of the MTC courses?

I am mentioning it in my MTCNA as part of QoS module.
 
caspat
newbie
Posts: 41
Joined: Wed Apr 28, 2010 3:55 pm

Re: tool kid-control

Sun Mar 31, 2019 3:41 pm

Please add an option in dhcp lease to add device to a already configuered kid.
 
Kronyx
just joined
Posts: 19
Joined: Thu Apr 25, 2019 6:45 pm
Location: Sainte-Catherine, QC

Re: tool kid-control

Fri Apr 26, 2019 5:48 pm

It would be nice to have something like this:

https://pasteboard.co/IbW0cnC.png
 
User avatar
kinx
just joined
Posts: 9
Joined: Mon Sep 04, 2017 9:16 pm
Location: 127.0.0.1
Contact:

Re: tool kid-control

Sat Sep 07, 2019 11:05 am

Still doesn't work at all on 6.45.5. Annoying they release a feature that is working according to them but actually isn't.

When will this be working?
 
voz
just joined
Posts: 5
Joined: Tue Sep 29, 2015 4:03 pm

Re: tool kid-control

Wed Oct 16, 2019 9:48 pm

it would be nice to add time quota per kid instead of fixed time intervals
 
User avatar
AlainCasault
Trainer
Trainer
Posts: 624
Joined: Fri Apr 30, 2010 3:25 pm
Location: Laval, QC, Canada
Contact:

Re: tool kid-control

Fri Oct 18, 2019 9:20 pm

it would be nice to add time quota per kid instead of fixed time intervals
+1

Sent from my cell phone. Sorry for the errors.

___________________________
Alain Casault, Eng.
If I helped you, let me know!
 
User avatar
vader7071
newbie
Posts: 32
Joined: Tue Jan 07, 2014 9:44 pm

Re: tool kid-control

Thu Nov 07, 2019 2:45 am

I have been reading this thread, and I just found kid control on my RB951.

Currently running OS 6.45.7, Firmware 6.45.7

I created the following:
/ip kid-control
add name=Drake tur-sun=06:00:00-19:30:00 tur-mon=08:00:00-19:30:00 tur-tue=08:00:00-19:30:00 tur-wed=08:00:00-19:30:00 tur-thu=08:00:00-19:30:00 tur-fri=08:00:00-19:30:00 tur-sat=06:00:00-19:30:00 

/ip kid-control device
add mac-address=xx:xx:xx:xx:xx:xx name="Nintendo Switch" user=Drake
add mac-address=xx:xx:xx:xx:xx:xx name="Toshiba Laptop" user=Drake
add mac-address=xx:xx:xx:xx:xx:xx name="Tab-A" user=Drake
add mac-address=xx:xx:xx:xx:xx:xx name="Samsung 24 TV" user=Drake
add mac-address=xx:xx:xx:xx:xx:xx name="Galaxy S5" user=Drake
The above code snippet was pulled from my export of the router settings.

As I am typing this, it is 6:30 pm (18:30 h). However, every device on the list is blocked. My understanding is the filter is supposed to allow internet between 8 am and 7:30 pm with the way I have it configured, but it seems to be working in reverse.

Do I have a setting incorrect?
--
And now I shall close on the subject by quoting Ronald Reagan - who, shortly after taking a bullet, was heard to quip "Ow! Ow! Ow!"
 
netbus
newbie
Posts: 45
Joined: Mon Sep 04, 2017 12:42 pm

Re: tool kid-control

Thu Nov 07, 2019 9:44 am

yes,
you only defined where no bandwith limiting is in place but no schedule for internet access.
in your example the code should look like this:
 /ip kid-control add name=Drake mon=8h-19h30m tue=8h-19h30m wed=8h-19h30m thu=8h-19h30m fri=8h-19h30m sat=6h-19h30m sun=6h-19h30m

Who is online

Users browsing this forum: MSN [Bot] and 114 guests