Community discussions

MikroTik App
 
dskillin
newbie
Topic Author
Posts: 28
Joined: Mon Mar 06, 2017 5:49 pm

Child bedtime control - scripts

Mon Jan 08, 2018 7:10 am

I'm sure many of us have bits and pieces we've put together for added functionality, here's an example of one I've done. I hope that someone finds it useful. It would be interesting to see what others have cobbled together to solve "odd" problems.

My scenario:
Control of the children's net usage, specifically enforcing bedtime.

Requirements:
Flexible, to allow either parent to adjust bedtime, based on good (or bad) behavior.
App based modification.
Logging, primarily due to the oldest being industrious.

Solution:
[*] Use IFTTT to receive SMS messages, which when tagged correctly update a spreadsheet on Google Drive.
IFFT appends a running spreadsheet, the sending phone number, and the date/time of the event.
  • #bt 21h30m
    
    22h00m +18885551212 January 06, 2018 at 7:04PM
    21h30m +18885551212 January 07, 2018 at 6:11PM
    
  • A second tab on the spreadsheet uses a formula in A1 to extract the last time placed in to the spreadsheet.

    =left(INDEX(Sheet1!A:A, COUNTA(Sheet1!A:A), 1),search(" ",INDEX(Sheet1!A:A, COUNTA(Sheet1!A:A), 1),1))
    
    21h30m 
    
  • A Google Script parses the spreadsheet.

    function doGet() {
      var sheetActive = SpreadsheetApp.openById("1..sheet..id..8"); 
      var sheet = sheetActive.getSheetByName("current"); 
      var range = sheet.getRange("A1").getValue(); 
      return ContentService.createTextOutput(range);
    }
    
  • The Google Script is published as a webapp with anonymous permissions.


    This is where it reasonably should stop, however Google does a mandatory (unique) redirect, which fetch doesn't handle well. There were also some difficulties using a variable for the time in the filter rules, thus enters a simple PHP page to handle the work.
  • On an Apache (PHP) server, the following code.

    <?php
    	$id = "A..webapp..id..G-9_G_vc";
    	$url = "https://script.google.com/a/private.net/macros/s/$id/exec";
    	$ch = curl_init("$url");
    	curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    	curl_setopt($ch, CURLOPT_HEADER, 0);
    	curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
    	$data = curl_exec($ch);
    	curl_close($ch);
    	$data = trim($data);
    	print "$data-1d,sun,mon,tue,wed,thu,fri,sat";
    ?>
    
  • Create a base firewall filter rule on RouterOS, give it the comment to search on. Isolate the devices any number of ways, the first example is based on network, the second based on address list (reservations are given to child devices).

    # By Network
    /ip firewall filter
    add action=reject chain=forward comment="rule to change" dst-address=!10.0.0.0/8 log=yes log-prefix=\
        "child-after-hours-drop: " reject-with=icmp-admin-prohibited src-address=10.24.35.0/24 time=\
        22h-1d,sun,mon,tue,wed,thu,fri,sat
    add action=reject chain=forward dst-address=!10.0.0.0/8 log=yes log-prefix=\
        "child-after-hours-drop: " reject-with=icmp-admin-prohibited src-address=\
        10.24.35.0/24 time=0s-7h30m,sun,mon,tue,wed,thu,fri,sat
    
    # By Address List
    /ip firewall mangle
    add action=mark-packet chain=prerouting comment="Child Traffic" new-packet-mark=child passthrough=no src-address-list=\
        Child
    add action=mark-packet chain=forward comment="Child Traffic" dst-address-list=Child new-packet-mark=child passthrough=\
        no
    /ip firewall filter
    add action=reject chain=forward comment="other change rule" dst-address=!10.0.0.0/8 log=yes log-prefix=\
        "child-after-hours-drop: " packet-mark=child reject-with=icmp-admin-prohibited time=\
        22h30m-1d,sun,mon,tue,wed,thu,fri,sat
    add action=reject chain=forward dst-address=!10.0.0.0/8 log=yes log-prefix="child-after-hours-drop: " packet-mark=\
        child reject-with=icmp-admin-prohibited time=0s-7h30m,sun,mon,tue,wed,thu,fri,sat
    
  • Create the ip firewall filter modification script on RouterOS.

    /system script
    add name=kid-time owner=user policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="/tool \
        fetch url=\"http://private.net/time.php\" dst-path=time.txt;\r\
        \nglobal getTime [/file get time.txt contents];\r\
        \nglobal currentTime;\r\
        \nif (\$getTime != \$currentTime) do={\r\
        \n    /ip firewall filter set time=\$getTime [find comment=\"rule to change\"];\r\
        \n    :set currentTime \$getTime;\r\
        \n}"
    
  • Run the script on a sane interval, I chose 30 seconds.
    /system scheduler
    add interval=30s name=kid-timer on-event="/system script run kid-time" policy=\
        ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-time=startup
    
  • Another rule is set in IFTTT to append the spreadsheet around midnight with the default bedtime.
    21h30m autotime January 08, 2018 at 12:02AM
    
    In under one minute from sending an SMS, the firewall rules automatically adjust to set bedtime for the kids. Each day it is set back to default.
 
User avatar
jp
Long time Member
Long time Member
Posts: 609
Joined: Wed Mar 02, 2005 5:06 am
Location: Maine
Contact:

Re: Child bedtime control - scripts

Wed Jan 10, 2018 5:03 am

There is a new "tool kid-control" feature just added which I will try out shortly...

Currently the children's devices have fixed dhcp leases with "make static"

Then in queue simple, I have:
add max-limit=1k/1k name=Ipod target=10.0.54.201/32 time=20h-6h,sun,mon,tue,wed,thu,fri,sat
add max-limit=1k/1k name=kindle2 target=10.0.54.223/32 time=20h-6h,sun,mon,tue,wed,thu,fri,sat
It doesn't technically block it, but 1kbps is pretty useless. I don't know how to make it less than 1kbps.

Essentially at this house, consistency is the key.. It's to make a habit of getting online entertainment done before 8pm, so they are not distracted from winding down the evening and going to bed.
 
User avatar
ADahi
Member Candidate
Member Candidate
Posts: 209
Joined: Thu Sep 21, 2017 7:16 pm
Location: Iraq, Ninavah
Contact:

Re: Child bedtime control - scripts

Wed Jan 10, 2018 11:58 am

use /ip firewall row, easier
 
etienneschwiz
just joined
Posts: 4
Joined: Thu May 10, 2018 7:20 pm

Re: Child bedtime control - scripts

Tue Sep 11, 2018 11:26 am

Just to let you know, there is an Android App that does exactly this.

It is for parents to control their kids Internet by implementing firewall rules based on MAC. Also can schedule bedtime or study time on a daily or weekly basis.

It works via the Mikrotik API and can be managed from outside the home if you have a fixed IP or dynamic DNS

www.lanwize.com

Who is online

Users browsing this forum: maxslug and 23 guests