Restrict

From Tomato64
Revision as of 16:15, 26 September 2023 by Lancethepants (talk | contribs) (Created page with "<span id="access-restriction"></span> = Access Restriction = The Access Restriction menu contains functions that allow you to block: * Access to the entire Internet. * Access to portions of the the Internet. * WiFi access to the network. Restrictions are done based on rules and a schedule. Access Restriction only blocks traffic routed outbound to the Internet. It '''cannot''' restrict access between (switched) LAN clients. It also cannot block traffic when the device...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Access Restriction

The Access Restriction menu contains functions that allow you to block:

  • Access to the entire Internet.
  • Access to portions of the the Internet.
  • WiFi access to the network.

Restrictions are done based on rules and a schedule.

Access Restriction only blocks traffic routed outbound to the Internet. It cannot restrict access between (switched) LAN clients. It also cannot block traffic when the device is used as a switch only or as a wireless bridge. For those scenarios, see the HOWTOs entitled: Wireless MAC filtering via script/scheduler and Block devices via script/scheduler.


Rules can be customized to block:

  • Only certain sources
  • Only certain destinations
  • Only certain ports
  • Only certain protocols, or applications
  • Only certain HTTP activity
  • Combinations of the above

Rules can be edited in the Web interface, and through scripts. Please see the HOWTO entitled: Scripting Access Restrictions.

Access Restriction Overview

The table in this section displays all saved rules, both active and inactive.

All rules are listed here. However, adding/editing any rules will forward you to another menu where you can edit the rules.


access_restriction_overview_cropped.png

Editing Access Restriction Rules

After clicking on the Overview table mentioned above, you will be taken to the Rule Editing page.

Here:

  • To delete an existing rule, click on it on the Overview page, then in Rule Editing, click Delete.
  • To **Edit **an existing rule, click on it on the Overview page, make the changes and click Save.
  • To Add a new rule, click the Add button on the Overview page, configure the changes and click Save.
  • On the Rule Editing page, sequential rule numbers will display at the top left (For example: ID: 01)
  • These numbers will increment by 1 for each new rule you create.



access_restriction_editing_cropped.png



Enabled: Checking this enables this rule.

Description: Here, you enter a name for this rule.

Schedule: Here, you configure the schedule settings for this rule.

  • All Day - Checking this applies the rule for the entire day (for all days selected in the Day section).
    • Enabling this makes the Time options disappear.
  • Every Day - Checking this applies the rule every day.
    • Enabling this makes the Days options disappear.
  • Time - Here, you set the start time and end time when this rule will be applied.
  • Days - Here, you set the Days on which this rule will be applied.


Type:

  • Normal Access Restriction - Sets the rule to include all options set below the "Disable Wireless" option.
  • Disable Wireless - This rule will disable all WiFi interfaces on the router.


Applies To:

  • All Computers/Devices - This rule will apply to all network clients.
  • The Following... - This rule will apply to only the specified network clients.
    • Add clients by entering their MAC or IP address in the MAC/IP Address field, then clicking Add.
    • Clients must be added one at a time.
  • All Except... - This rule will apply to all network clients except the one specified.
    • You can think of this as somewhat similar to a client whitelist.
    • Add clients by entering their MAC or IP address in the MAC/IP Address box, then clicking Add.
    • Clients must be added one at a time.


Blocked Resources:

  • Block All Internet Access - Enabling this blocks all Internet access to the selected network clients.


Port / Application:

More than one rule can be configured, click the Add button to add a rule.

  • Protocol - Choose a protocol to block. Choosing a protocol with fixed ports will grey out the port field.
  • Port - Select a source port/destination port in the dropdown. Then, enter the port number in the next box.
    • This may be greyed out if you choose a fixed protocol in the Protocol field.
  • Application - Select which application to block.
  • Address - Select source and/or destination IP address, then enter the IP address in the next field.


HTTP Request:

In this field, you enter the text which will have the Access Restriction in this rule applied to it.


For example:

An entry that contains: "^begins-with.domain"

will block access to any domain that start with the text "begins-with".

An entry that contains: ".ends-with.net$"

will block any domain that ends with "net" .

An entry that contains: "^www.exact-domain.net"$

will block any entry that begins with "www.exact-domain" and ends with ".net"

    • HTTP Requested Files: **

This function will block download of certain file types, including the following:

  • ActiveX - This will block Windows controls (which usually have a .ocx or .cab file ending).
  • Flash (swf) - This option will block Flash .swf files.
  • Java (class, jar) - This option will block Java (usually class or .jar) files.


Delete: Deletes the Access Restriction rule displayed on the screen.

Save: Saves the current rule displayed on the screen.

Cancel: Cancels the current rule change(s) or creation, and returns you to the Access Restriction Overview page.


Retrieved from "https://tomato64.org/w/index.php?title=Restrict&oldid=73"