My wife is addicted to Facebook, and has asked for help. How can I limit access using DD-WRT?

3

1

Let's start with this: we are only interested in blocking Internet sites during certain parts of the day. (Throttling usage would be even better, but quality software seems to be lacking on that front.) Step 1 is acknowledging you have a problem. Step 2 is working with someone else to come up with an agreeable solution. Slowing things down a bit might actually work in this case.

When I first started researching this, I was thrilled to discover that DD-WRT already had a control for "Access Restrictions", named "WAN Access". All their documentation describes exactly what I was trying to accomplish. The only problem is: it doesn't work! You can see my settings below:

Here are some of the things that I have tried already:

  1. Under "PCs", clicked the button "Edit List of clients"
    • each MAC address of the computers in question must be added to the list
    • this is easy to edit, and is OK
  2. Switched back and forth between "Deny" and "Filter"
    • "Deny" works exactly as expected (all Internet access is blocked instantly)
    • "Filter" does not seem to have any effect
  3. Tried blocking by keyword, but all page contents are sent over HTTPS nowadays
    • Included both HTTP and HTTPS versions of the URL
    • Included the port number on the end of each URL for HTTP/HTTPS versions of the URL (counting the versions including the www prefix, this yields a total of eight URLs, pictured below)

Router is a Linksys WRT54GL v1.1, running DD-WRT v24-sp2 (10/10/09) std. Have things just changed so much since 2009 that this firmware can't even throttle traffic anymore?

What am I doing wrong?



Now, this is a different situation than described in the post below. The suggestions in that Q&A are useful, but not even close to what I'm looking for.

How can I block access to Facebook in Google Chrome?

JonathanDavidArndt

Posted 2018-09-11T01:02:50.533

Reputation: 890

Does Facebook use much data? Would slowing it down have much effect? Maybe a fixed time delay for every request might work too, like waiting 30-60 seconds for every page/item to load, no matter the size or speed to download – Xen2050 – 2018-09-11T01:40:54.670

I think the blocking by URL probably isn't working also because of https. It depends whether dd-wrt can pull the URL from SNI or DNS which doesn't seem likely. You may need to rely on a separate solution, such as an internal proxy server on your network, or an external service like opendns that lets you block DNS names. – Paul – 2018-09-11T01:46:26.107

@Xen2050 Using NetLimiter on Facebook was amazing... throttling everything back to 10-15% was just what we wanted... but there is no easy way to block individual sites. That may be a topic for a separate question. – JonathanDavidArndt – 2018-09-11T02:06:45.030

What version is the wrt54gl? They have vastly different ram and flash storage between the versions. This is a VERY old router, you can pick up a new router on eBay that would put this to shame for 5-10 bucks. Do yourself a favor and upgrade – Tim_Stewart – 2018-09-11T18:52:38.067

Have you tried using a dns-based filtering system (e.g. opendns)? – TheKB – 2018-09-11T19:17:16.560

@TheKB Based on other responses here, I just started using OpenDNS yesterday. There were lots of great options, but it did not appear possible to block a domain based on time-of-day; it looked like it was all-or-nothing. Still, it's something. – JonathanDavidArndt – 2018-09-12T00:21:04.537

You can also block DNS so devices must use the router's DNS, then return bogus or no responses for certain websites, but this would fully block them – nijave – 2018-09-12T01:34:48.317

Perhaps a software based solution like Cold Turkey is what you want, then? – TheKB – 2018-09-12T15:30:59.743

I tried to do this with ddwrt unsuccessfully for many years, I eventually purchased ‘freedom’. It’s the only website scheduler I’ve had luck with. – spuder – 2018-10-05T05:52:53.973

Answers

2

Unfortunately DD-WRT does not have this functionality, and probably never will. You can totally block https by schedule, but that's about the extent of the functionality.

You didn't add the model of the router you are using. But I'm willing to bet it's compatible with OpenWRT. You can check here, https://wiki.openwrt.org/toh/start.

Make sure you follow the flash instructions carefully for your device. In most cases going from dd-wrt to openWRT, the web-flash images work from dd-wrt's firmware upgrade tab.

If it is compatible, it's as easy as installing privoxy from the package manager in the web-gui (Luci). Here are instructions to get it going, https://wiki.openwrt.org/doc/howto/proxy.privoxy

I believe you can also do this through luci's parental controls. I have never used the parental controls in OpenWRT, so I can't claim it has any better functionality than dd-wrt. https://openwrt.org/docs/guide-user/firewall/parental-controls

pfSense & OPNsense also have the functionality you crave, but would need to be put on an old PC or a pfSense-compatible platform.

I stopped using Facebook in 2011; I would suggest you try to convince your wife to do the same. I don't miss it at all.

Hope this helps you and the wife. Regards,

Tim_Stewart

Posted 2018-09-11T01:02:50.533

Reputation: 3 983

While I do not agree that DD-WRT doesn't have this feature (there is clearly a UI for it, just isn't working), this is a very sensible answer overall. This is a very old router (it's like part of the family!) but I really should consider upgrading and putting different firmware on it. – JonathanDavidArndt – 2018-09-17T11:55:56.837

1

This has been a well-known issue since... Well, since I was using a WRT54GS v1!! Here is a comment from one of the DD-WRT developers on this subject. https://svn.dd-wrt.com//ticket/4942#comment:1

– Tim_Stewart – 2018-09-17T18:08:24.787

Note that ticket is closed as (won't fix). You can find that issue on many other versions as such. As stated in that changelog comment, you need to go through a proxy for that to work – Tim_Stewart – 2018-09-17T18:45:42.257

0

I have some possibilities that might work out.

One possibility is that the router does not support filtering HTTPS. A fix to that might be to add :443 to your entries (which specifies the HTTPS port). You can also specify both ports by duplicating the entries and having one :80 and one :443. Or try omitting the s in https://facebook.com:443 and use http://facebook.com:443.

The router settings ask for a URL (https://www.facebook.com), not an address, so maybe omit the addresses (www.facebook.com) and try that out. (Also try doing that with the step above)

Also make sure that the MAC addresses match up with the appropriate interfaces on the computer. You can use the command ipconfig on Windows or ifconfig for Unix-like systems (such as GNU/Linux or FreeBSD).

Nicholas Awesomepants

Posted 2018-09-11T01:02:50.533

Reputation: 110

Sadly, adding the port number on each of the URLs does not change anything. – JonathanDavidArndt – 2018-09-11T18:21:48.973