Page 1 of 1

Child bedtime control - scripts

Posted: Mon Jan 08, 2018 7:10 am
by dskillin
I'm sure many of us have bits and pieces we've put together for added functionality, here's an example of one I've done. I hope that someone finds it useful. It would be interesting to see what others have cobbled together to solve "odd" problems.

My scenario:
Control of the children's net usage, specifically enforcing bedtime.

Flexible, to allow either parent to adjust bedtime, based on good (or bad) behavior.
App based modification.
Logging, primarily due to the oldest being industrious.

[*] Use IFTTT to receive SMS messages, which when tagged correctly update a spreadsheet on Google Drive.
IFFT appends a running spreadsheet, the sending phone number, and the date/time of the event.
  • #bt 21h30m
    22h00m +18885551212 January 06, 2018 at 7:04PM
    21h30m +18885551212 January 07, 2018 at 6:11PM
  • A second tab on the spreadsheet uses a formula in A1 to extract the last time placed in to the spreadsheet.

    =left(INDEX(Sheet1!A:A, COUNTA(Sheet1!A:A), 1),search(" ",INDEX(Sheet1!A:A, COUNTA(Sheet1!A:A), 1),1))
  • A Google Script parses the spreadsheet.

    function doGet() {
      var sheetActive = SpreadsheetApp.openById(""); 
      var sheet = sheetActive.getSheetByName("current"); 
      var range = sheet.getRange("A1").getValue(); 
      return ContentService.createTextOutput(range);
  • The Google Script is published as a webapp with anonymous permissions.

    This is where it reasonably should stop, however Google does a mandatory (unique) redirect, which fetch doesn't handle well. There were also some difficulties using a variable for the time in the filter rules, thus enters a simple PHP page to handle the work.
  • On an Apache (PHP) server, the following code.

    	$id = "";
    	$url = "$id/exec";
    	$ch = curl_init("$url");
    	curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    	curl_setopt($ch, CURLOPT_HEADER, 0);
    	curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
    	$data = curl_exec($ch);
    	$data = trim($data);
    	print "$data-1d,sun,mon,tue,wed,thu,fri,sat";
  • Create a base firewall filter rule on RouterOS, give it the comment to search on. Isolate the devices any number of ways, the first example is based on network, the second based on address list (reservations are given to child devices).

    # By Network
    /ip firewall filter
    add action=reject chain=forward comment="rule to change" dst-address=! log=yes log-prefix=\
        "child-after-hours-drop: " reject-with=icmp-admin-prohibited src-address= time=\
    add action=reject chain=forward dst-address=! log=yes log-prefix=\
        "child-after-hours-drop: " reject-with=icmp-admin-prohibited src-address=\ time=0s-7h30m,sun,mon,tue,wed,thu,fri,sat
    # By Address List
    /ip firewall mangle
    add action=mark-packet chain=prerouting comment="Child Traffic" new-packet-mark=child passthrough=no src-address-list=\
    add action=mark-packet chain=forward comment="Child Traffic" dst-address-list=Child new-packet-mark=child passthrough=\
    /ip firewall filter
    add action=reject chain=forward comment="other change rule" dst-address=! log=yes log-prefix=\
        "child-after-hours-drop: " packet-mark=child reject-with=icmp-admin-prohibited time=\
    add action=reject chain=forward dst-address=! log=yes log-prefix="child-after-hours-drop: " packet-mark=\
        child reject-with=icmp-admin-prohibited time=0s-7h30m,sun,mon,tue,wed,thu,fri,sat
  • Create the ip firewall filter modification script on RouterOS.

    /system script
    add name=kid-time owner=user policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="/tool \
        fetch url=\"\" dst-path=time.txt;\r\
        \nglobal getTime [/file get time.txt contents];\r\
        \nglobal currentTime;\r\
        \nif (\$getTime != \$currentTime) do={\r\
        \n    /ip firewall filter set time=\$getTime [find comment=\"rule to change\"];\r\
        \n    :set currentTime \$getTime;\r\
  • Run the script on a sane interval, I chose 30 seconds.
    /system scheduler
    add interval=30s name=kid-timer on-event="/system script run kid-time" policy=\
        ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-time=startup
  • Another rule is set in IFTTT to append the spreadsheet around midnight with the default bedtime.
    21h30m autotime January 08, 2018 at 12:02AM
    In under one minute from sending an SMS, the firewall rules automatically adjust to set bedtime for the kids. Each day it is set back to default.

Re: Child bedtime control - scripts

Posted: Wed Jan 10, 2018 5:03 am
by jp
There is a new "tool kid-control" feature just added which I will try out shortly...

Currently the children's devices have fixed dhcp leases with "make static"

Then in queue simple, I have:
add max-limit=1k/1k name=Ipod target= time=20h-6h,sun,mon,tue,wed,thu,fri,sat
add max-limit=1k/1k name=kindle2 target= time=20h-6h,sun,mon,tue,wed,thu,fri,sat
It doesn't technically block it, but 1kbps is pretty useless. I don't know how to make it less than 1kbps.

Essentially at this house, consistency is the key.. It's to make a habit of getting online entertainment done before 8pm, so they are not distracted from winding down the evening and going to bed.

Re: Child bedtime control - scripts

Posted: Wed Jan 10, 2018 11:58 am
by ADahi
use /ip firewall row, easier

Re: Child bedtime control - scripts

Posted: Tue Sep 11, 2018 11:26 am
by etienneschwiz
Just to let you know, there is an Android App that does exactly this.

It is for parents to control their kids Internet by implementing firewall rules based on MAC. Also can schedule bedtime or study time on a daily or weekly basis.

It works via the Mikrotik API and can be managed from outside the home if you have a fixed IP or dynamic DNS