Difference between revisions of "Manual:Kid-control"

From MikroTik Wiki
Jump to: navigation, search
(Devices)
 
(17 intermediate revisions by 3 users not shown)
Line 1: Line 1:
 +
__TOC__
 +
 
{{Versions| 6.41 }}
 
{{Versions| 6.41 }}
  
"Kid control" is a parental control feature to limit internet connectivity for kids. It is a work in progress.
+
==Summary==
 +
 
 +
"Kid control" is a parental control feature to limit internet connectivity for LAN devices.
 +
 
 +
==Kid Control==
 +
 
 +
<p id="shbox"><b>Sub-menu:</b> <code>/ip kid-control</code>
 +
</p>
 +
 
 +
 
 +
In this menu it is possible to create a profile for each Kid and restrict internet accessibility.
 +
 
 +
 
 +
{{Mr-arg-table-h
 +
|prop=Property
 +
|desc=Description
 +
}}
 +
 
 +
{{Mr-arg-ro-table
 +
|arg=name
 +
|type=string
 +
|desc=Name of the Kids profile
 +
}}
 +
 
 +
{{Mr-arg-ro-table
 +
|arg=mon,tue,wed,thu,fri,sat,sun
 +
|type=time
 +
|desc=Each day of week. Time of day is selected, when internet access should be allowed
 +
}}
 +
 
 +
 
 +
{{Mr-arg-ro-table
 +
|arg=disabled
 +
|type=yes {{!}} no
 +
|desc=Whether restrictions is enabled
 +
}}
 +
 
 +
{{Mr-arg-ro-table
 +
|arg=rate-limit
 +
|type=string
 +
|desc=Maximum available data rate for flow
 +
}}
 +
 
 +
{{Mr-arg-ro-table-end
 +
|arg=tur-mon,tur-tue,tur-wed,tur-thu,tur-fri,tur-sat,tur-sun
 +
|type=time
 +
|desc=Time unlimited rate. Time of day is selected, when internet access should be unlimited
 +
}}
 +
 
 +
 
 +
Time unlimited rate parameters have higher priority than <var>rate-limit</var> parameter.
 +
 
 +
==Devices==
 +
 
 +
<p id="shbox"><b>Sub-menu:</b> <code>/ip kid-control device</code>
 +
</p>
  
Kid names and weekly schedule are added under "/'''tool kid-control'''". For each day of week (mon,tue,wed,thu,fri,sat,sun) time of day is selected, when internet access should be allowed.
 
ometimes kids need internet to make homework. But, they will watch videos instead of learning if unlimited internet access is allowed. In this case rate-limiting internet speed could be the solution. It can be done with "rate-limit" and "time-rate-limited" attributes.
 
  
Kid could have multiple internet connected devices (phone, tablet, gaming console, tv etc.). All of them should be assigned to the kid under "/tool kid-control device". Device is identified by IP address. It is possible to assign whole subnet to kids devices using netmask.  
+
This sub-menu contains information if there is multiple connected devices to internet (phone, tablet, gaming console, tv etc.). Device is identified by MAC address that is retrieved from the ARP table. The appropriate IP address is taken from there.
  
It is possible to pause internet access for kid even when schedule allows it. It is done by command
 
  
  /tool kid-control pause
+
{{Mr-arg-table-h
      [kid1,kid2,....] - list of kids to pause (if none selected, then pause all)
+
|prop=Property
      duration - if specified, then automatically resume internet access after specified duration
+
|desc=Description
      till - if specified, then automatically resume internet access at given time
+
}}
  
to resume internet access, use command
+
{{Mr-arg-ro-table
 +
|arg=name
 +
|type=string
 +
|desc=Name of the device
 +
}}
 +
 
 +
{{Mr-arg-ro-table
 +
|arg=mac-address
 +
|type=string
 +
|desc=Devices mac-address
 +
}}
 +
 
 +
{{Mr-arg-ro-table
 +
|arg=user
 +
|type=string
 +
|desc=To which profile append the device
 +
}}
 +
 
 +
{{Mr-arg-ro-table-end
 +
|arg=reset-counters
 +
|type=[id, name]
 +
|desc=Reset bytes-up and bytes-down counters.
 +
}}
 +
 
 +
==Example==
 +
 
 +
With following example we will restrict access for Peters mobile phone:
 +
* Disabled internet access on Monday,Wednesday and Friday
 +
* Allowed unlimited internet access on:
 +
** Tuesday
 +
** Thursday from 11:00-22:00
 +
** Sunday 15:00-22:00
 +
* Limited bandwidth to 3Mbps for Peters mobile phone on Saturday from 18:30-21:00
 +
 
 +
<pre>
 +
[admin@MikroTik] > /ip kid-control add name=Peter mon="" tur-tue="00:00-24h" wed="" tur-thu="11:00-22:00" fri="" sat="18:30-22:00" tur-sun="15h-21h" rate-limit=3M
 +
[admin@MikroTik] > /ip kid-control device add name=Mobile-phone user=Peter mac-address=FF:FF:FF:ED:83:63
 +
</pre>
  
  /tool kid-control resume
 
      [kid1,kid2,....] - list of kids to resume (if none select, then resume all)
 
  
 
Internet access limitation is implemented by adding dynamic firewall filter rules or simple queue rules. Here are example firewall filter rules:
 
Internet access limitation is implemented by adding dynamic firewall filter rules or simple queue rules. Here are example firewall filter rules:
  
  1  D ;;; tablet, kid-control
+
<pre>
    chain=forward action=reject src-address=192.168.90.0/24
+
[admin@MikroTik] > /ip firewall filter print
+
 
2  D ;;; tablet, kid-control
+
1  D ;;; Mobile-phone, kid-control
    chain=forward action=reject dst-address=192.168.90.0/24
+
      chain=forward action=reject src-address=192.168.88.254
 
+
 
  3 D ;;; pc, kid-control
+
2  D ;;; Mobile-phone, kid-control
    chain=forward action=reject src-address=192.168.89.32
+
      chain=forward action=reject dst-address=192.168.88.254
    
+
</pre>
  4  D ;;; pc, kid-control
+
 
     chain=forward action=reject dst-address=192.168.89.32
+
Dynamically created simple queue:
 +
 
 +
<pre>
 +
[admin@MikroTik] > /queue simple print
 +
Flags: X - disabled, I - invalid, D - dynamic
 +
 
 +
  1 D ;;; Mobile-phone, kid-control
 +
      name="queue1" target=192.168.88.254/32 parent=none packet-marks="" priority=8/8 queue=default-small/default-small limit-at=3M/3M max-limit=3M/3M burst-limit=0/0
 +
      burst-threshold=0/0 burst-time=0s/0s bucket-size=0.1/0.1
 +
</pre>
 +
 
 +
It is possible to monitor how much data use specific device:
 +
<pre>
 +
[admin@MikroTik] > /ip kid-control device print stats
 +
 
 +
Flags: X - disabled, D - dynamic, B - blocked, L - limited, I - inactive
 +
#    NAME                                                                                                                IDLE-TIME    RATE-DOWN   RATE-UP  BYTES-DOWN    BYTES-UP
 +
  1 BI Mobile-phone                                                                                                              30s        0bps      0bps    3438.1KiB      8.9KiB
 +
</pre>
 +
 
 +
 
 +
It is also possible to <b><span style="color:purple">pause</span></b> all restrictions and then <b><span style="color:purple">resume</span></b> them whenever you want it:
 +
 
 +
<pre>
 +
[admin@MikroTik] > /ip kid-control pause Peter
 +
[admin@MikroTik] > /ip kid-control print
 +
Flags: X - disabled, P - paused, B - blocked, L - rate-limited
 +
#  NAME                                                                                                                    SUN      MON      TUE      WED      THU      FRI     SAT   
 +
0 PB Peter                                                                                                                15h-21h                            11h-22h          18:30h-22h
 +
</pre>
  
 
[[Category:Manual|First time]]
 
[[Category:Manual|First time]]
 
[[Category:Basic|First time]]
 
[[Category:Basic|First time]]

Latest revision as of 14:17, 11 March 2020

Version.png

Applies to RouterOS: 6.41

Summary

"Kid control" is a parental control feature to limit internet connectivity for LAN devices.

Kid Control

Sub-menu: /ip kid-control


In this menu it is possible to create a profile for each Kid and restrict internet accessibility.


Property Description
name (string) Name of the Kids profile
mon,tue,wed,thu,fri,sat,sun (time) Each day of week. Time of day is selected, when internet access should be allowed
disabled (yes | no) Whether restrictions is enabled
rate-limit (string) Maximum available data rate for flow
tur-mon,tur-tue,tur-wed,tur-thu,tur-fri,tur-sat,tur-sun (time) Time unlimited rate. Time of day is selected, when internet access should be unlimited


Time unlimited rate parameters have higher priority than rate-limit parameter.

Devices

Sub-menu: /ip kid-control device


This sub-menu contains information if there is multiple connected devices to internet (phone, tablet, gaming console, tv etc.). Device is identified by MAC address that is retrieved from the ARP table. The appropriate IP address is taken from there.


Property Description
name (string) Name of the device
mac-address (string) Devices mac-address
user (string) To which profile append the device
reset-counters ([id, name]) Reset bytes-up and bytes-down counters.

Example

With following example we will restrict access for Peters mobile phone:

  • Disabled internet access on Monday,Wednesday and Friday
  • Allowed unlimited internet access on:
    • Tuesday
    • Thursday from 11:00-22:00
    • Sunday 15:00-22:00
  • Limited bandwidth to 3Mbps for Peters mobile phone on Saturday from 18:30-21:00
[admin@MikroTik] > /ip kid-control add name=Peter mon="" tur-tue="00:00-24h" wed="" tur-thu="11:00-22:00" fri="" sat="18:30-22:00" tur-sun="15h-21h" rate-limit=3M
[admin@MikroTik] > /ip kid-control device add name=Mobile-phone user=Peter mac-address=FF:FF:FF:ED:83:63


Internet access limitation is implemented by adding dynamic firewall filter rules or simple queue rules. Here are example firewall filter rules:

[admin@MikroTik] > /ip firewall filter print

1  D ;;; Mobile-phone, kid-control
      chain=forward action=reject src-address=192.168.88.254 

2  D ;;; Mobile-phone, kid-control
      chain=forward action=reject dst-address=192.168.88.254

Dynamically created simple queue:

[admin@MikroTik] > /queue simple print
Flags: X - disabled, I - invalid, D - dynamic 

 1  D ;;; Mobile-phone, kid-control
      name="queue1" target=192.168.88.254/32 parent=none packet-marks="" priority=8/8 queue=default-small/default-small limit-at=3M/3M max-limit=3M/3M burst-limit=0/0 
      burst-threshold=0/0 burst-time=0s/0s bucket-size=0.1/0.1 

It is possible to monitor how much data use specific device:

[admin@MikroTik] > /ip kid-control device print stats

Flags: X - disabled, D - dynamic, B - blocked, L - limited, I - inactive 
 #    NAME                                                                                                                 IDLE-TIME    RATE-DOWN   RATE-UP   BYTES-DOWN     BYTES-UP
 1 BI Mobile-phone                                                                                                               30s         0bps      0bps    3438.1KiB       8.9KiB


It is also possible to pause all restrictions and then resume them whenever you want it:

[admin@MikroTik] > /ip kid-control pause Peter 
[admin@MikroTik] > /ip kid-control print
Flags: X - disabled, P - paused, B - blocked, L - rate-limited 
 #   NAME                                                                                                                    SUN      MON      TUE      WED      THU      FRI      SAT     
 0 PB Peter                                                                                                                 15h-21h                             11h-22h          18:30h-22h