M
M
Maks Dib2016-02-24 16:16:06
Mikrotik
Maks Dib, 2016-02-24 16:16:06

Mikrotik: Make restrictions on access to the network for children (restriction on logins and time on the network, type of traffic, etc.)?

Hello.
In a modern house, a child can no longer only use a smartphone, but also a tablet, PC, laptop, etc. ...
in some houses there are several children.
Task:
1) Make a limit on the use of the Internet for each child, say 1 or 2 hours a day (or 7-14 hours a week). Unused restrictions do not accumulate and are not summed up "for a period"
2) If in the current period they went beyond the access time - a page about the restriction (signature "respectfully, mom";) )
3) Restriction on the type of downloaded content, for example, films if they start downloading - then reduce the download speed to the minimum (so that during the access time you don’t pump up the series for yourself, for viewing when there is no Internet)
4) List of white sites - school, educational materials, etc., for permanent access.
5) Restriction - no access works at night (from 21:30 to 7:30)
6) Of course - restriction about any "adult material"
7) Surely the children will be able to come up with a workaround - you need to "control" this process.
There are certainly many tools available to solve such problems.
I would like to do this on Mikrotik 951, which is installed in the apartment
. Also, a similar solution can be used in all kinds of children's institutions, and children's "independent communities" - for example, a weekend "camp in the forest", or the like.
Thank you.
update: (removed from comments)
-limit != ban
- the desire to make a restriction is only the prerogative and duty of the parent. here we discuss its technical implementation, preferably on the example of Mikrotik equipment, because. there is already rb951
- the Internet provider is not RosTelecom, so we take the secure Internet function from Yandex.DNS "Family"
- we do not make a "final product" for organizations, but a homemade product that can be used, including at family holidays in the country, in the forest , etc ... i.e. temporary secure access.
- user Sergey (@edinorog) asked a lot of correct and tricky questions, for which special thanks to him and "two teas to this gentleman" (c)
- access by time is still implemented using mikrotik hotspot tools, and so far without restrictions for the user profile,

Answer the question

In order to leave comments, you need to log in

5 answer(s)
N
nimbo, 2016-02-24
@nimbo

hotspot, skydns

S
Sergey, 2016-02-24
@edinorog

I never tire of repeating one thing. the toaster is more of a resource for answers. not for learning. you have thrown in a pile of half a hundred pages of settings and are waiting ... and what are you waiting for then? Have you even tried to figure this out yourself? I don't see the push. I see only "I want" "I need" "let's go!". what to give then?

A
Anton Ulanov, 2016-02-24
@antonsr98

this can be done, but you will need to know the mac addresses of the devices that you want to limit in capabilities. Assign static addresses on the network to Mac Addresses, and then you can do whatever you want with them
1+2+5) hotspot+voucher will allow you to limit the time you use the Internet, 4+6) you can give your clients the provider's dns servers, skydns (it helps to limit the Internet for children very much)

G
Gregory, 2016-02-24
@Maxlinus

I think it's easier for you to use such things as "parental control" in the antivirus program ( moicom.ru/parentelskij-kontrol-kasperskij-2015-ili-... ), or a separate program that allows this :)
to block the proxy server at home and issue Internet for children on "coupons" is somehow very dreary :)
and for Mikrotik you will most likely need the user-manager
package wiki.mikrotik.com/wiki/Manual:User_Manager#Getting...
wiki.mikrotik.com/wiki/User_Manager/Customer_page

Z
zavarkin, 2020-08-31
@zavarkin

Mikrotik is not strong here! What you called, it's all set up in a couple of keystrokes in KeeneticOS! I also distribute and register all devices on the network by mac and until I add a device it does not have Internet access, and then I set up an access schedule for each mac directly "from - to" on the scale, and set the speed. You can also do port forwarding on each mac, set DHCP statics on this mac device. And by default, I set up blocking in the firewall on the network by ip of prohibited sites manually, I can easily block any port from both the network and the Internet + convenient setting if you have static, blocking external connections by ip, you can also block by subnets. I am delighted! This is where everything is simple and clear!
(I do not advertise, but I actually bought a Mikrotik and put it on the shelf when I realized that it was very "clumsy" made!)

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question