Showing results for 
Search instead for 
Did you mean: 

How To Block/Unblock Internet Access For A Single Device/IP via Command Line on AsusWRT?

Level 9

Hello. I have an Asus GS-AX3000 and connected to it I have a device that insists upon having an internet connection (don't know why) about every 30 days. If it does not, it simply stops functioning and starts beeping all the time. Otherwise, I have no reason at all to allow this device to have internet access. So using the AsusWRT UI I can block it. But after about 30 days, I have to unblock it (and seemingly restart the firewall as well) in order to make it function and stop its infernal beeping and then block it again after that.

This is all rather a PIA to do manually and if I am not around, the device is useless until I get back and do all of this. So I want to try and do this via the command line on a schedule somehow. I have seen other discussions of this on the web but I have failed to location a really clear solution. I know now that when the device is blocked I can see the following using iptables -L for the device (no such entry exists when the device is unblocked):

DROP all -- anywhere anywhere MAC <<mac address here in ALL CAPS>>

So I am thinking that using iptables somehow I can drop this, restart the firewall, and re-add it. And perhaps I can use cron to schedule this every 29 days.

But I am such a newbie - especially to iptables - I have no idea how to accomplish this. So any help is appreciated greatly. Thanks!


Level 14

You’re being modest…

I do everything via the interface.  For example for your case I would “compromise”, use the parental controls available, say it allows once a week access, then it would be allowed internet access 4 times a month, vs the desired 1 time.

(I’m afraid I don’t know how it works at all, never tried to limit my son’s access.  He just recently turned 18 so I’ll probably never need parental controls as he’s an only child)…

(Sorry not helpful).

Yesterday, someone on SNB forum suggested using parental controls. I had never looked at it before. It seems that when I block a device's access completely to the internet via the network map UI, it is turning this on AND blacking using that mechanism. I never realized it before because I never looked (foolish me)...

So in looking further, it seems that this mechanism, if time-based, is - as you point out - weekly-oriented, not monthly. At first, I thought this too open as I really want it only once per month. But I think your point is well taken that the convenience factor is important too. So I think I have it locked-up except for the last hour of every Saturday.

Meanwhile, in poking around trying to find a command-line "answer" I discovered in the results of the command

nvram getall

a number of entries starting with MULTIFILTER_ that appear to correspond to the parental controls I have been fiddling with. It seems at least possible that I could alter these values in a script, persist those changes, and then reboot the router to have the changes take effect.

All this seems more effort than it is worth... Thanks!