"Kid control" is a parental control feature to limit internet connectivity for LAN devices.
In this menu it is possible to create a profile for each Kid and restrict internet accessibility.
|name (string)||Name of the Kids profile|
|mon,tue,wed,thu,fri,sat,sun (time)||Each day of week. Time of day is selected, when internet access should be allowed|
|disabled (yes | no)||Whether restrictions is enabled|
|rate-limit (string)||Limit allowed amount of traffic|
|time-rate-limited (time)||How long to limit allowed amount of traffic|
Parameters rate-limit and time-rate-limited have to be configured together. Both limitations will work only when internet access for concrete profile is allowed.
/ip kid-control device
This sub-menu contains information if there is multiple connected devices to internet (phone, tablet, gaming console, tv etc.). Device is identified by MAC address that is retrieved from the ARP table. The appropriate IP address is taken from there. It is possible to assign whole subnet to kids devices using netmask.
|mac-address (string)||Devices mac-address|
|user (string)||To which profile to add the device|
With following example we will restrict access for Peters mobile phone:
- Disabled internet access on Monday,Tuesday,Wednesday and Friday
- Allowed internet access on:
- Thursday from 11:00-22:00
- Saturday from 18:30-21:00
- Sunday 15:00-22:00
- Limited bandwidth to 3Mbps for Peters mobile phone on Thursday from 20:45-22:00
[admin@MikroTik] > /ip kid-control add name=Peter mon="" tue="" wed="" thu="11:00-22:00" fri="" sat="18:30-22:00" sun="15:00-21:00" rate-limit=3M time-rate-limited=4d20:45:00-4d22:00:00 [admin@MikroTik] > /ip kid-control device add name=Mobile-phone user=Peter mac-address=FF:FF:FF:ED:83:63
Internet access limitation is implemented by adding dynamic firewall filter rules or simple queue rules. Here are example firewall filter rules:
[admin@MikroTik] > /ip firewall filter print 1 D ;;; Limit1, kid-control chain=forward action=reject src-address=192.168.88.254 2 D ;;; Limit1, kid-control chain=forward action=reject dst-address=192.168.88.254
Dynamically created simple queue:
[admin@MikroTik] > /queue simple print Flags: X - disabled, I - invalid, D - dynamic 1 D ;;; Mobile-phone, kid-control name="queue1" target=192.168.88.254/32 parent=none packet-marks="" priority=8/8 queue=default-small/default-small limit-at=3M/3M max-limit=3M/3M burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s bucket-size=0.1/0.1