this new logic is much clearer and more logical, it acts like a firewall
first the accept rules with all the options you want, as many as you need
and the last rule is reject everything
my home setup for controlling if kids can be on the internet, from everywhere:
I've defined main WiFi for me and wife, TV and kids
SSID's: MAIN, TV, KID1MOB, KID2MOB, KID1LAP, KID2LAP
MAIN has strong pass, others simple 12345678
added filters in wireless / access-list
accept: mac:from_tv interface:TV
reject: interface:TV
accept: mac:kids_mobile interface:KID1MOB time:08-21
reject: interface:KID1MOB
and so on...
so every device is locked to its proper WiFi SSID and the rest is rejected
added scheduler every 5 min:
/tool fetch url="https://user:pass@mywebpage.com/net/io.json"
/system script run dev
io.json looks like this:
{"kid1mob":false,"kid1lap":false,"kid2mob":false,"kid2lap":false,"tv":true}
and made a script: named dev
{
:local check [/file get io.json contents]; # in variable quotes are removed from json so it's like kid1mob:false
:local kid1mob_j [:pick $check ([:find $check "kid1mob" -1]+9)]; #searching for start pos in io.json of string "kid1mob" and get char from pos +9 (t or f)
:local kid2mob_j [:pick $check ([:find $check "kid2mob" -1]+9)];
:local kid1lap_j [:pick $check ([:find $check "kid1lap" -1]+9)];
:local kid2lap_j [:pick $check ([:find $check "kid2lap" -1]+9)];
:local tv_j [:pick $check ([:find $check "tv" -1]+4)];
:local kid1mob_i [/interface get kid1mob disabled]; #var will be true if interface is disabled
:local kid2mob_i [/interface get kid2mob disabled];
:local kid1lap_i [/interface get kid1lap disabled];
:local kid2lap_i [/interface get kid2lap disabled];
:local tv_i [/interface get TV disabled];
:if ( $kid1mob_j="t" && $kid1mob_i=true) do={/interface/wifiwave2/enable kid1mob}
:if ( $kid1mob_j="f" && $kid1mob_i=false) do={/interface/wifiwave2/disable kid1mob}
:if ( $kid1lap_j="t" && $kid1lap_i=true) do={/interface/wifiwave2/enable kid1lap}
:if ( $kid1lap_j="f" && $kid1lap_i=false) do={/interface/wifiwave2/disable kid1lap}
:if ( $kid2mob_j="t" && $kid2mob_i=true) do={/interface/wifiwave2/enable kid2mob}
:if ( $kid2mob_j="f" && $kid2mob_i=false) do={/interface/wifiwave2/disable kid2mob}
:if ( $kid2lap_j="t" && $kid2lap_i=true) do={/interface/wifiwave2/enable kid2lap}
:if ( $kid2lap_j="f" && $kid2lap_i=false) do={/interface/wifiwave2/disable kid2lap}
:if ( $tv_j="t" && $tv_i=true) do={/interface/wifiwave2/enable TV}
:if ( $tv_j="f" && $tv_i=false) do={/interface/wifiwave2/disable TV}
};
and why so many checks... because when you enable an already enabled WiFi it still does off/on on the interface, so it's not good
and a simple PHP web page on my hosting that generates the io.json file: index.php
<!DOCTYPE html>
<html lang="en">
<head>
<title>Internet access</title>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.4.1/css/bootstrap.min.css">
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js"></script>
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.4.1/js/bootstrap.min.js"></script>
</head>
<body class="d-flex flex-column ng-cloak">
<div class="container py-2"><div class="row"><div class="col"><h2 class="font-weight-light">Internet</h2>
<p>Configure internet access</p>
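<?php
$json_file="io.json";
// Read the current state; a missing or unreadable file means "everything off"
$file = is_readable($json_file) ? file_get_contents($json_file) : "{}";
$json = json_decode($file, true);
if (!is_array($json)) { $json = []; }
// !empty() is false for a missing key as well as for false, so no undefined-index warnings
$kid1mob=!empty($json['kid1mob']);
$kid1lap=!empty($json['kid1lap']);
$kid2mob=!empty($json['kid2mob']);
$kid2lap=!empty($json['kid2lap']);
$tv=!empty($json['tv']);
?>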
<form method="post" action="submit.php">
<div class="form-check form-switch"><input class="form-check-input" type="checkbox" role="switch" id="kid1mob" name="kid1mob" <?php if($kid1mob)echo "checked"; ?> /><label class="form-check-label" for="kid1mob">Kid 1 mobile can access internet</label></div>
<div class="form-check form-switch"><input class="form-check-input" type="checkbox" role="switch" id="kid1lap" name="kid1lap" <?php if($kid1lap)echo "checked"; ?> /><label class="form-check-label" for="kid1lap">Kid 1 laptop can access internet</label></div>
<div class="form-check form-switch"><input class="form-check-input" type="checkbox" role="switch" id="kid2mob" name="kid2mob" <?php if($kid2mob)echo "checked"; ?> /><label class="form-check-label" for="kid2mob">Kid 2 mobile can access internet</label></div>
<div class="form-check form-switch"><input class="form-check-input" type="checkbox" role="switch" id="kid2lap" name="kid2lap" <?php if($kid2lap)echo "checked"; ?> /><label class="form-check-label" for="kid2lap">Kid 2 laptop can access internet</label></div>
<div class="form-check form-switch"><input class="form-check-input" type="checkbox" role="switch" id="tv" name="tv" <?php if($tv)echo "checked"; ?> /><label class="form-check-label" for="tv">TV can access internet</label></div>
<div class="d-grid gap-2 col-6 mx-auto"><button class="btn btn-primary" type="submit">Accept</button></div>
</form></div></div></div></body></html>
and added action script: submit.php
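<?php
$json_file="io.json";
$json=['kid1mob' => 0, 'kid1lap' => 0, 'kid2mob' => 0, 'kid2lap' => 0, 'tv' => 0 ];
if ($_SERVER["REQUEST_METHOD"] == "POST")
{
// An unchecked checkbox is not sent at all, so test with !empty()
// instead of reading a possibly undefined $_POST index
$json=[
'kid1mob' => !empty($_POST["kid1mob"]),
'kid1lap' => !empty($_POST["kid1lap"]),
'kid2mob' => !empty($_POST["kid2mob"]),
'kid2lap' => !empty($_POST["kid2lap"]),
'tv' => !empty($_POST["tv"])
];
// Booleans are encoded as true/false, which is what the router script reads
file_put_contents($json_file, json_encode($json));
}
?>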
<!DOCTYPE html>
<html lang="en">
<head>
<meta http-equiv="Refresh" content="0; url='https://mywebpage.com/net'" />
</head><body></body></html>
and that's all, from everywhere me and wife can enable/disable internet per kid per device using simple web page
and secured the page with password on cpanel
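
An added example, not part of the original post: a variant of submit.php that accepts only the five known keys, stores strict booleans, and replaces io.json atomically so the router's scheduled fetch never reads a half-written file. The helper names build_state and write_state_atomic are hypothetical; the keys, file name and redirect URL are the ones shown in the post.

```php
<?php
declare(strict_types=1);

// Keys copied from the post's io.json; anything else in the POST body is ignored.
const DEVICE_KEYS = ['kid1mob', 'kid1lap', 'kid2mob', 'kid2lap', 'tv'];
const STATE_FILE  = __DIR__ . '/io.json';

// Hypothetical helper: map a form submission to strict booleans.
// An unchecked checkbox is absent from the POST data, so absent means false.
function build_state(array $post): array
{
    $state = [];
    foreach (DEVICE_KEYS as $key) {
        $state[$key] = isset($post[$key]) && $post[$key] === 'on';
    }
    return $state;
}

// Hypothetical helper: write to a temp file, then rename it over io.json.
// rename() inside one directory is atomic on POSIX filesystems, so a fetch
// sees either the old file or the new one, never a partial write.
function write_state_atomic(string $path, array $state): bool
{
    // No JSON_PRETTY_PRINT: the router script reads fixed character offsets
    // and depends on the compact "key":value layout.
    $json = json_encode($state);
    if ($json === false) { return false; }
    $tmp = tempnam(dirname($path), 'io_');
    if ($tmp === false) { return false; }
    if (file_put_contents($tmp, $json) !== strlen($json) || !chmod($tmp, 0644)) {
        unlink($tmp); // tempnam() creates 0600; the web server needs read access
        return false;
    }
    if (!rename($tmp, $path)) {
        unlink($tmp);
        return false;
    }
    return true;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    if (!write_state_atomic(STATE_FILE, build_state($_POST))) {
        http_response_code(500);
        exit('could not update io.json');
    }
    header('Location: https://mywebpage.com/net', true, 303);
    exit;
}
```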