From MikroTik Wiki
Revision as of 12:03, 24 May 2018 by Artursc

Applies to RouterOS: 6.41


"Kid control" is a parental control feature to limit internet connectivity for LAN devices.

Kid Control

Sub-menu: /ip kid-control

In this menu it is possible to create a profile for each kid and restrict their internet access.

Property                              Description
name (string)                         Name of the kid's profile
mon,tue,wed,thu,fri,sat,sun (time)    Each day of the week. The time of day when internet access should be allowed is selected
disabled (yes | no)                   Whether restrictions are enabled
rate-limit (string)                   Limit on the allowed amount of traffic
time-rate-limited (time)              How long to limit the allowed amount of traffic

The parameters rate-limit and time-rate-limited have to be configured together. Both limits take effect only while internet access for the particular profile is allowed.


Sub-menu: /ip kid-control device

This sub-menu contains information about the devices when multiple devices are connected to the internet (phone, tablet, gaming console, TV, etc.). A device is identified by its MAC address, which is retrieved from the ARP table. The corresponding IP address is taken from the same table. It is possible to assign a whole subnet to a kid's devices using a netmask.

Property                Description
mac-address (string)    Device's MAC address
user (string)           The profile to which the device is added


The following example restricts access for Peter's mobile phone:

  • Disabled internet access on Monday, Tuesday, Wednesday and Friday
  • Allowed internet access on:
    • Thursday from 11:00-22:00
    • Saturday from 18:30-21:00
    • Sunday 15:00-22:00
  • Limited bandwidth to 3Mbps for Peter's mobile phone on Thursday from 20:45-22:00

[admin@MikroTik] > /ip kid-control add name=Peter mon="" tue="" wed="" thu="11:00-22:00" fri="" sat="18:30-22:00" sun="15:00-21:00" rate-limit=3M time-rate-limited=4d20:45:00-4d22:00:00
[admin@MikroTik] > /ip kid-control device add name=Mobile-phone user=Peter mac-address=FF:FF:FF:ED:83:63
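
Before applying a profile, it helps to check the command line against the schedule it is meant to enforce. The following is an added example, not MikroTik code: it parses the `/ip kid-control add` line above and reports the access state at chosen times. The function names are hypothetical, and it assumes that the `Nd` prefix counts days from Sunday (inferred from `4d` for Thursday), that an empty or missing day means no access, and that window ends are exclusive.

```python
import shlex

DAYS = ["sun", "mon", "tue", "wed", "thu", "fri", "sat"]  # assumption: 0d = Sunday

def _secs(hms):
    """'HH:MM' or 'HH:MM:SS' -> seconds since midnight."""
    h, m, s = ([int(p) for p in hms.split(":")] + [0])[:3]
    return h * 3600 + m * 60 + s

def _week_secs(stamp):
    """'4d20:45:00' -> seconds since the assumed week start (Sunday 00:00)."""
    days, _, hms = stamp.rpartition("d")
    return int(days or 0) * 86400 + _secs(hms)

def parse_profile(command):
    """Parse the key=value pairs of an '/ip kid-control add' line."""
    props = dict(t.split("=", 1) for t in shlex.split(command) if "=" in t)
    # Assumption: an empty or missing day means no access on that day.
    allowed = {d: tuple(map(_secs, props[d].split("-"))) if props.get(d) else None
               for d in DAYS}
    limited = None
    if props.get("rate-limit") and props.get("time-rate-limited"):
        limited = tuple(map(_week_secs, props["time-rate-limited"].split("-")))
    return {"allowed": allowed, "rate": props.get("rate-limit"), "limited": limited}

def state_at(profile, day, hhmm):
    """Return 'blocked', 'allowed' or 'limited:<rate>' for a weekday and time."""
    now = _secs(hhmm)
    window = profile["allowed"][day]
    if window is None or not window[0] <= now < window[1]:
        return "blocked"  # the rate limit only applies while access is allowed
    lim = profile["limited"]
    if lim and lim[0] <= DAYS.index(day) * 86400 + now < lim[1]:
        return "limited:" + profile["rate"]
    return "allowed"

def mismatches(profile, expected):
    """List (day, time, wanted, actual) for every expectation the profile fails."""
    return [(d, t, want, state_at(profile, d, t))
            for d, t, want in expected if state_at(profile, d, t) != want]

# Command line copied from the page.
COMMAND = ('/ip kid-control add name=Peter mon="" tue="" wed="" thu="11:00-22:00" '
           'fri="" sat="18:30-22:00" sun="15:00-21:00" rate-limit=3M '
           'time-rate-limited=4d20:45:00-4d22:00:00')
# Spot checks constructed from the bullet list; its sat/sun end times differ from the command.
EXPECTED = [("mon", "12:00", "blocked"), ("thu", "12:00", "allowed"), ("thu", "21:00", "limited:3M"),
            ("sat", "21:30", "blocked"), ("sun", "21:30", "allowed")]
print(mismatches(parse_profile(COMMAND), EXPECTED))
```
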

Internet access limitation is implemented by adding dynamic firewall filter rules or simple queue rules. Here are example firewall filter rules:

[admin@MikroTik] > /ip firewall filter print

1  D ;;; Limit1, kid-control
      chain=forward action=reject src-address= 

2  D ;;; Limit1, kid-control
      chain=forward action=reject dst-address=

Dynamically created simple queue:

[admin@MikroTik] > /queue simple print
Flags: X - disabled, I - invalid, D - dynamic 

 1  D ;;; Mobile-phone, kid-control
      name="queue1" target= parent=none packet-marks="" priority=8/8 queue=default-small/default-small limit-at=3M/3M max-limit=3M/3M burst-limit=0/0 
      burst-threshold=0/0 burst-time=0s/0s bucket-size=0.1/0.1