Hi,
I want to establish rules for my kids on this beginning scholar year ...(lol)
As more and more homework is based on web searches, blocking wireless access wouldn't be a correct solution.
They mostly use Live Messenger and Facebook to tchat.
I tried to configure a restriction access rule, using:
-preconfigured layer7 rule msnmessenger: fail
-blocking ports 1863,901, 6891-6900: fail
-HTTP request:webmessenger.msn.commessenger.hotmail.comgateway.messenger.hotmail.com,
loginnet.pasport.com: fail.
All above together: fail...
Is there a way ?
Or using iptables rules, but how to schedule those rules?
I must precise I use a permanent openvpn connection.
Thanks
It seems to be a hard question...
You said you already configured the above Access Restrictions, don't they work?
If they are not working, use wireshark to see what other servers and ports messanger connects to.
I didn't try yet on my router, but it seems that port blocking is useless (ports 80 and 443 are commonly used...).
Under Ubuntu, using firewall to prevent acces to 65.52.0.0/14 (Microsoft registered domain) seems to work.
It prenvents acces to all Microsoft sites, but as my goal is only to block MSN for a limited time it seems perfect, even if it's not very subtle ....
Yes, that's why you can use DD-WRTs access restrictions to block certain domains and protocols
In fact there is a msnmessenger Layer 7 rule in the Access Restriction panel in Tomato, but it is outdated, as now Live Messenger isn't linked to specific ports and can use 80 and 443 standard www ports to connect..
So to prevent connection with Live Messenger you must block all the login websites used by the service.
And in fact that type of blocking doesn't work in Tomato. You can surely block access through iptables, but not as a programmed rule.
I don't remember if dd-wrt provides this sort of blocking facilities, but if yes I will consider reverting to DD-wrt, if you Mod openvpn client section works for me ..
Thanks
Yes checkout:
http://www.dd-wrt.com/demo/Filters.asp
Latest Tomato build have this too. You can block IP adresses, or domains.
Ah and by the way, you can now block any content that uses http, see:
http://www.myopenrouter.com/download/22510/DD-WRT-Kong-Mod-USB-FTP-SAMBA...
So you would be able to filter out for example messenger login pages:-)