Firewall to beat the kids
Discussion
Hi guys
I’m trying to find a hardware firewall to sit between our Sky router and the street. Primarily because I want to be able to turn the WiFi off at night (whilst allowing some devices through), but stopping my teenagers from using it.
On-device management is out because they have circumvented various systems with VPNs etc. and the Sky system has removed the parental controls for some mad reason.
I’m therefore thinking that some sort of physical device on the street side of our Sky router is the only answer. Does anyone have any suggestions? I don’t want to turn the whole thing off with a basic timer because various systems at home need it to be available 24/7
Cheers
You comfortable with Raspberry Pi build / usage? If so https://keexybox.org/parental-control/
Thanks guys, the Raspberry might work although it’s 30 years since I programmed anything!! Plus it depends how it connects, as the kids’ machines are Ethernet into the router rather than on WiFi.
I should also have mentioned that I’ve got a Linksys mesh running on the house side too, so I might hardwire their machines into one of the boxes and hide the Sky box in a wall with the WiFi turned off.
Bowside said:
Thanks guys, the Raspberry might work although it’s 30 years since I programmed anything!! Plus it depends how it connects, as the kids’ machines are Ethernet into the router rather than on WiFi.
I should also have mentioned that I’ve got a Linksys mesh running on the house side too, so I might hardwire their machines into one of the boxes and hide the Sky box in a wall with the WiFi turned off.
The Linksys mesh should have the controls you need.
TownIdiot said:
Bowside said:
Thanks guys, the Raspberry might work although it’s 30 years since I programmed anything!! Plus it depends how it connects, as the kids’ machines are Ethernet into the router rather than on WiFi.
I should also have mentioned that I’ve got a Linksys mesh running on the house side too, so I might hardwire their machines into one of the boxes and hide the Sky box in a wall with the WiFi turned off.
The Linksys mesh should have the controls you need.
Personally I’d connect everything with wifi, can’t imagine the kids are doing anything that needs more bandwidth than WiFi can provide
Bowside said:
Plus it depends how it connects, as the kids’ machines are Ethernet into the router rather than on WiFi.
Put their PCs into a switch, plug the switch into the router, put the switch on a mains time switch plug. Hire a bouncer to stop them fiddling with this setup each evening.
miniman said:
You comfortable with Raspberry Pi build / usage? If so https://keexybox.org/parental-control/
The kids will probably know their way round a Pi better than the parents and block them from the network.
The only way to block access is to disable the connection completely.
There are numerous ways around firewalls for outbound (client) traffic.
Block by IP address? No problem, just change IP address.
Block by MAC address? No problem, change MAC address.
Block various protocols? No problem, use a VPN (usually an SSL VPN which uses port 443 - and as the majority of websites operate on SSL these days, you need port 443 open for web access).
One good solution is to use a decent managed switch, and only permit specific MAC addresses which will prevent MAC spoofing.
Put that switch on a VLAN which isn't part of the main network, and then (completely) block that VLAN on the firewall during specific hours.
You will obviously need to (physically) secure access to the switch and router to prevent swapping of cables to different ports.
This doesn't prevent circumventing the WiFi of course, but the way to solve that is to schedule the WiFi access as well (this requires a WiFi router with that functionality).
This is all quite elaborate, but necessary if you are serious about blocking access during certain hours.
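The argument in the post above, modelled as an added example (not code from any poster or product): a filter keyed on source MAC/IP is compared with a per-port MAC allow list plus a time block on the whole VLAN. All addresses, port numbers, VLAN ids and hours are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import time

# All addresses, ports, VLAN ids and hours below are constructed for illustration.
KIDS_VLAN, MAIN_VLAN = 20, 10
PORT_VLAN = {1: MAIN_VLAN, 5: KIDS_VLAN}           # VLAN is set by the physical switch port
PORT_ALLOWED_MACS = {1: {"aa:aa:aa:00:00:01"}, 5: {"bb:bb:bb:00:00:05"}}
BLOCK_START, BLOCK_END = time(22, 0), time(7, 0)   # window crosses midnight

@dataclass(frozen=True)
class Frame:
    port: int      # where the cable is plugged in: not under the client's control
    src_mac: str   # client-controlled
    src_ip: str    # client-controlled

def in_window(now: time, start: time, end: time) -> bool:
    """True if now is in [start, end), including windows that wrap past midnight."""
    if start <= end:
        return start <= now < end
    return now >= start or now < end

def naive_filter_allows(frame, now, blocked_macs, blocked_ips):
    """Firewall matching only on source MAC/IP (the approach the post warns about)."""
    if not in_window(now, BLOCK_START, BLOCK_END):
        return True
    return frame.src_mac not in blocked_macs and frame.src_ip not in blocked_ips

def segmented_allows(frame, now):
    """Managed switch with per-port MAC allow list, then a time block on the VLAN."""
    if frame.src_mac not in PORT_ALLOWED_MACS.get(frame.port, set()):
        return False                               # unknown MAC on this port: dropped
    vlan = PORT_VLAN[frame.port]
    return not (vlan == KIDS_VLAN and in_window(now, BLOCK_START, BLOCK_END))

def demo():
    night, day = time(23, 30), time(16, 0)
    pc = Frame(5, "bb:bb:bb:00:00:05", "192.168.20.50")
    renumbered = Frame(5, "02:00:00:12:34:56", "192.168.20.99")  # same port, new MAC/IP
    always_on = Frame(1, "aa:aa:aa:00:00:01", "192.168.10.2")
    macs, ips = {pc.src_mac}, {pc.src_ip}
    return {
        "naive_original": naive_filter_allows(pc, night, macs, ips),
        "naive_renumbered": naive_filter_allows(renumbered, night, macs, ips),
        "segmented_original": segmented_allows(pc, night),
        "segmented_renumbered": segmented_allows(renumbered, night),
        "segmented_daytime": segmented_allows(pc, day),
        "segmented_always_on": segmented_allows(always_on, night),
    }

if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name:22} {'ALLOW' if allowed else 'BLOCK'}")
```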
TonyRPH said:
The only way to block access is to disable the connection completely.
There are numerous ways around firewalls for outbound (client) traffic.
Block by IP address? No problem, just change IP address.
Block by MAC address? No problem, change MAC address.
Block various protocols? No problem, use a VPN (usually an SSL VPN which uses port 443 - and as the majority of websites operate on SSL these days, you need port 443 open for web access).
One good solution is to use a decent managed switch, and only permit specific MAC addresses which will prevent MAC spoofing.
Put that switch on a VLAN which isn't part of the main network, and then (completely) block that VLAN on the firewall during specific hours.
You will obviously need to (physically) secure access to the switch and router to prevent swapping of cables to different ports.
This doesn't prevent circumventing the WiFi of course, but the way to solve that is to schedule the WiFi access as well (this requires a WiFi router with that functionality).
This is all quite elaborate, but necessary if you are serious about blocking access during certain hours.
Kids will literally just snoop on the neighbours wifi or ask them/steal the creds to get on. All they need is one dotty old neighbour or a door left ajar to take a photo of the back of the router for the default password that hasn't been changed.
If you don't want kids using the internet from X to Y time, you more or less need to take the devices from them unless yours is the only wifi available: for most of the country there will be more than just the parental wifi available.
CraigyMc said:
Kids will literally just snoop on the neighbours wifi or ask them/steal the creds to get on. All they need is one dotty old neighbour or a door left ajar to take a photo of the back of the router for the default password that hasn't been changed.
If you don't want kids using the internet from X to Y time, you more or less need to take the devices from them unless yours is the only wifi available: for most of the country there will be more than just the parental wifi available.
I think the OP is trying to prevent the kids playing games, and they would likely be reluctant to play games on WiFi due to latency (especially if it's 'borrowed' WiFi from the neighbours, who may even have a much slower connection).
Can't you have their PCs on a network and then as administrator lock the devices down at certain times?
Phones you can put on family accounts with Apple/Google and restrict their access on those.
Ultimately the problem you have is lack of respect from/an issue with your children if they can't abide by your wishes. Tell me about it, my son's ADHD and words of warning often go in one ear and out the other before you've even left the room.
skyebear said:
miniman said:
You comfortable with Raspberry Pi build / usage? If so https://keexybox.org/parental-control/
The kids will probably know their way round a Pi better than the parents and block them from the network.
Anyone have actual experience of running Keexy, in comparison to pihole?
If they are using ethernet I assume these are desktop PCs. Maybe just hand in those power cables at the end of the day. Might not be practical, just a thought but it gets the job done. (Hide the kettle)
There are bundles of ways to do what you want, I remember someone posting before that their kid was doing hard resets on the router. Then they could use the default pw. Maybe if you set up what you need then put it in a locked cabinet you're good.
This to me is quite fun. I would be learning and so are they. Hell you could probably install some kind of software on their computers that handles this. I see there is a market for it so wouldn't surprise me if it exists.
I'm in the process of setting up OpenWrt on my router. Apparently it can block certain physical ports for times of the day so that would certainly work for you. That might not be too hard of a job and you have the bonus of a better router over the Sky one.
Edited by White-Noise on Friday 27th December 13:03