My scenario:
Control of the children's net usage, specifically enforcing bedtime.
Requirements:
Flexible, to allow either parent to adjust bedtime, based on good (or bad) behavior.
App based modification.
Logging, primarily due to the oldest being industrious.
Solution:
[*] Use IFTTT to receive SMS messages, which when tagged correctly update a spreadsheet on Google Drive.
IFFT appends a running spreadsheet, the sending phone number, and the date/time of the event.
- Code: Select all
#bt 21h30m
Code: Select all22h00m +18885551212 January 06, 2018 at 7:04PM 21h30m +18885551212 January 07, 2018 at 6:11PM
- A second tab on the spreadsheet uses a formula in A1 to extract the last time placed in to the spreadsheet.
Code: Select all=left(INDEX(Sheet1!A:A, COUNTA(Sheet1!A:A), 1),search(" ",INDEX(Sheet1!A:A, COUNTA(Sheet1!A:A), 1),1))
Code: Select all21h30m
- A Google Script parses the spreadsheet.
Code: Select allfunction doGet() { var sheetActive = SpreadsheetApp.openById("1..sheet..id..8"); var sheet = sheetActive.getSheetByName("current"); var range = sheet.getRange("A1").getValue(); return ContentService.createTextOutput(range); }
- The Google Script is published as a webapp with anonymous permissions.
This is where it reasonably should stop, however Google does a mandatory (unique) redirect, which fetch doesn't handle well. There were also some difficulties using a variable for the time in the filter rules, thus enters a simple PHP page to handle the work. - On an Apache (PHP) server, the following code.
Code: Select all<?php $id = "A..webapp..id..G-9_G_vc"; $url = "https://script.google.com/a/private.net/macros/s/$id/exec"; $ch = curl_init("$url"); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_HEADER, 0); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true); $data = curl_exec($ch); curl_close($ch); $data = trim($data); print "$data-1d,sun,mon,tue,wed,thu,fri,sat"; ?>
- Create a base firewall filter rule on RouterOS, give it the comment to search on. Isolate the devices any number of ways, the first example is based on network, the second based on address list (reservations are given to child devices).
Code: Select all# By Network /ip firewall filter add action=reject chain=forward comment="rule to change" dst-address=!10.0.0.0/8 log=yes log-prefix=\ "child-after-hours-drop: " reject-with=icmp-admin-prohibited src-address=10.24.35.0/24 time=\ 22h-1d,sun,mon,tue,wed,thu,fri,sat add action=reject chain=forward dst-address=!10.0.0.0/8 log=yes log-prefix=\ "child-after-hours-drop: " reject-with=icmp-admin-prohibited src-address=\ 10.24.35.0/24 time=0s-7h30m,sun,mon,tue,wed,thu,fri,sat # By Address List /ip firewall mangle add action=mark-packet chain=prerouting comment="Child Traffic" new-packet-mark=child passthrough=no src-address-list=\ Child add action=mark-packet chain=forward comment="Child Traffic" dst-address-list=Child new-packet-mark=child passthrough=\ no /ip firewall filter add action=reject chain=forward comment="other change rule" dst-address=!10.0.0.0/8 log=yes log-prefix=\ "child-after-hours-drop: " packet-mark=child reject-with=icmp-admin-prohibited time=\ 22h30m-1d,sun,mon,tue,wed,thu,fri,sat add action=reject chain=forward dst-address=!10.0.0.0/8 log=yes log-prefix="child-after-hours-drop: " packet-mark=\ child reject-with=icmp-admin-prohibited time=0s-7h30m,sun,mon,tue,wed,thu,fri,sat
- Create the ip firewall filter modification script on RouterOS.
Code: Select all/system script add name=kid-time owner=user policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="/tool \ fetch url=\"http://private.net/time.php\" dst-path=time.txt;\r\ \nglobal getTime [/file get time.txt contents];\r\ \nglobal currentTime;\r\ \nif (\$getTime != \$currentTime) do={\r\ \n /ip firewall filter set time=\$getTime [find comment=\"rule to change\"];\r\ \n :set currentTime \$getTime;\r\ \n}"
- Run the script on a sane interval, I chose 30 seconds.
Code: Select all/system scheduler add interval=30s name=kid-timer on-event="/system script run kid-time" policy=\ ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-time=startup
- Another rule is set in IFTTT to append the spreadsheet around midnight with the default bedtime.
In under one minute from sending an SMS, the firewall rules automatically adjust to set bedtime for the kids. Each day it is set back to default.Code: Select all21h30m autotime January 08, 2018 at 12:02AM