Site Tools


restrict-edit
You were redirected here from restrict.

Access Restriction

The Access Restriction menu contains functions that let you block:


  • Access to the entire Internet.
  • Access to portions of the the Internet.
  • WiFi access to the network.


Access Restriction rules only apply to HTTP (unencrypted) connections. However, almost all web connections now use HTTPS (secure HTTP). As a result, this function is somewhat obsolete in terms of its ability to block Internet content.

Restrictions are done based on rules and a schedule.

Access Restriction only blocks traffic routed outbound to the Internet. It cannot restrict access between (switched) LAN clients. It also cannot block traffic when the device is used as a wireless bridge. For such scenarios, see the HOWTOs entitled: Wireless MAC filtering via script/scheduler and Block devices via script/scheduler.


Rules can be customized to block:


  • Only certain sources
  • Only certain destinations
  • Only certain ports
  • Only certain protocols, or applications
  • Only certain HTTP activity
  • Combinations of the above


Rules can be edited in the Web interface, and through scripts.

See this HOWTO: Scripting Access Restrictions.

Access Restriction Overview

The table here displays all saved rules, both active and inactive.

All rules are listed here. However, adding/editing rules forwards you to another menu where you edit them.



Editing Access Restriction Rules

After clicking on the Overview table mentioned above, you will be taken to the Rule Editing page.

Here:


  • To delete an existing rule, click on it on the Overview menu,
    then in Rule Editing, click Delete.
  • To Edit an existing rule, click on it on the Overview menu,
    make the changes and click Save.
  • To Add a new rule, click the Add button on the Overview menu,
    configure the changes and click Save.
  • On the Rule Editing page, sequential rule numbers will display
    at the top left (For example: ID: 01)
  • These numbers will increment by 1 for each new rule you create.




Enabled: checking this enables this rule.


Description: here, you enter a name for this rule.


Schedule: here, configure the schedule settings for this rule.


  • All Day - checking this applies the rule for the entire day
    (for all days selected in the Day section). Enabling this
    makes the Time options disappear.
  • Every Day - checking this applies the rule every day.
    Enabling this makes the Days options disappear.
  • Time - here, set the start time/end time the rule will be applied.
  • Days - here, set the Days on which this rule will be applied.


Type:

  • Normal Access Restriction - sets the rule to include all
    options set below the “Disable Wireless” option.
  • Disable Wireless - this rule will disable all router WiFi interfaces.


Applies To:

  • All Computers/Devices - this rule will apply to all network clients.
  • The Following… - the rule will apply to only the specified network clients.
    Add clients by entering their MAC or IP address in the MAC/IP Address field,
    then clicking Add. Clients must be added one at a time.
  • All Except… - the rule will apply to all network clients except the one specified.
    Think of this as similar to a client whitelist.
    Add clients by entering their MAC or IP address in the MAC/IP
    Address box, then clicking Add. Clients must be added one at a time.


Blocked Resources:

  • Block All Internet Access - blocks all Internet access to the selected clients.


Port / Application:

More than one rule can be configured, click the Add button to add a rule.


  • Protocol - choose a protocol to block. Choosing a
    protocol with fixed ports will grey out the port field.
  • Port - select a source port/destination port.
    Then, enter the port number in the next box.
    This may be greyed out if you chose a fixed protocol
    in the Protocol field.
  • Application - select which application to block.
  • Address - select source and/or destination IP address,
    then enter the IP address in the next field.



HTTP Request:

In this field, enter the text on which the Access Restrictions in this rule will be applied.


For example:

An entry that contains: “^begins-with.domain"

will block access to any domain that start with the text “begins-with”.


An entry that contains: ”.ends-with.net$"

will block any domain that ends with “net” .


An entry that contains: “^www.exact-domain.net"$

will block any entry that begins with “www.exact-domain” and ends with ”.net“


HTTP Requested Files:

This function will block downloads of certain file types, including:

  • ActiveX - this will block Windows controls (which usually have
    an.ocx or .cab file ending).
  • Flash (swf) - this option will block Flash .swf files.
  • Java (class, jar) - this option blocks Java (usually class or .jar) files.



Delete: deletes the Access Restriction rule displayed on the screen.


Save: saves the current rule displayed on the screen.


Cancel: cancels the current rule change(s)/creation, returns you to Access Restriction Overview.




restrict-edit.txt · Last modified: 2024/11/27 01:53 by hogwild