I figure that should work for a single device reboot, and might even recover from a full house power outage: #try to get ntp for 5 or 10 min To get dd-wrt to use these internal time servers, I have a startup script in ddwrt that cycles between both servers every 90 seconds for about 10 minutes. To get NTP working and thus allow blind "pull the plug to reboot" troubleshooting (so my wife can try to recover a failed system if she calls me), I now run a dockerized NTP time server on both my primary and secondary "servers" (both Raspberry Pis). The dd-wrt blocking ended up being more of a pain in the butt than I wanted because the router wasn't picking up NTP time on a reboot, it always had to be manually entered (in the meantime the clock is wrong and the kiddos are blocked because router thinks it is midnight). So I eventually resorted to having the ddwrt router block the internet during sleeping hours.ĮDIT so no one thinks it just magically works: 😂įor all those wags out there saying more parenting is needed ("get good, you parenting noob!"): Yeah, it is, and we've been working on that for a while, but in the meantime I have a kiddo who won't go to sleep when I ask him to, uses the internet for hours when I'm asleep, ruining his own sleep cycle and falling asleep in school. I've been only slowly making changes because if I break the internet my household starts banging on the door in minutes. I like the Cloudflare DNS with malware filtering, I'm going to have to try switching to that. I don't have a whole solution, but so far we are at PiHole for ads/malware/porn filtering and ddwrt router blocking WAN access from midnight to 7am (because ddwrt doesn't accept blocks crossing midnight e.g. Use deep packet inspection to drop SSH packets? Now you stand a chance (though I'm sure there's some other tunneling protocols you'd have to block too).ĭeep packet inspection is resource intensive and almost certainly not worth it for this use case.ĭo not be surprised if your children learn about these techniques once you impose restrictions Use deep packet inspection at the router to inspect the headers of packets and drop OpenVPN packets? Tunnel traffic over SSH (though this requires some other server for them to connect to) Maintain a list of IP addresses of undesirable sites and block traffic to those IPs? Use a VPN.īlock outbound port 1194? Use a VPN that allows for TCP connections over port 443 (ProtonVPN is a reputable VPN service that provides free servers that support this). NAT all outbound port 53 traffic to your own DNS server and block outbound port 853 traffic? Use DoH.īlock all HTTPS traffic to known DoH servers? Use a VPN. You're probably better off with mobile device management as someone else suggestedįiltering at the DNS level? Use a custom DNS server. A truly foolproof solution at the network level is quite difficult to implement, though this is only relevant based on how determined your children are.
0 kommentar(er)
