
Parental Controls Router on Raspberry Pi

I bought a "cloud enabled" router a few years ago and now I have a "cloud disabled" piece of future landfill.

While it lasted my "Skydog" was OK, doing the basic functions I was hoping for. Then the company was bought and support was discontinued, rendering the device "cloud junk."

To replace it I bought a Belkin AC1200 Gigabit router but this thing is worthless. I've tried a couple of times to get it to work but it's just hopeless for a couple of reasons.

Two reasons it's not working for me. First, it times out trying to connect to NTP. I don't think the Belkiners ever tested their device on a high-latency network. Because it doesn't know what time it is it just ignores all policies and opens up the entire network all the time. Sweet.

Second reason it won't work is it doesn't have individual or grouped policies. This means I can't have some devices shut off at night and others stay connected. All or nothing.

I've built a router using a Raspberry Pi. It uses Google Calendar for the calendar policy. I created a shared calendar with my wife and read-only access for my daughter. The calendar events have policy names in the description, so an "all day" event with "shared" means all the devices in the "shared" policy will not turn off. I have a "limited" policy that turns on access for my TV to update its TV guide, and other devices to do their phone-home chores in the middle of the night. These devices have sucked my monthly bandwidth quota dry many times so this is huge for me. I also have weekday and weeknight policies for some of my daughter's devices.

The RPi has a read-only SD card in it. I was getting a lot of failures with constant read/write from DNS/DHCP/... I created a couple of in-memory filesystems for the log files, but it means that the device can't save state across reboots. To save state I have a MySQL database with all the devices in it. When the device boots up it gets the list of devices, reconciles with the Google Calendar and creates an iptables command allowing certain IP addresses through.

I'm also using Pi-hole to provide DNS, dnsmasq for DHCP (MySQL holds the MAC and IP addresses to assign), and I also grab some bandwidth stats using iptables and push them into MySQL, though I haven't done anything yet with that data.

By design I don't allow anything on the network to get internet access by default. Our access points all require a password, but DHCP hands out IP addresses that don't have access through the pirouter's iptables rules.
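The boot-time step described above (take the device list, find which policies the calendar has active, and allow only those IP addresses through a default-deny FORWARD chain) looks like this in Python. This is an added example, not the author's code: the chain name `PIROUTER`, the record fields and the sample data are assumptions, and the chain is assumed to be created once and jumped to from FORWARD.

```python
import ipaddress
from datetime import datetime

CHAIN = "PIROUTER"  # hypothetical chain; assumed created once and jumped to from FORWARD

def active_policies(events, now):
    """Policy names found in the description of every event covering `now`."""
    active = set()
    for ev in events:
        if ev["start"] <= now < ev["end"]:
            active.update(ev["description"].lower().split())
    return active

def build_rules(devices, policies):
    """iptables argv lists: drop forwarding by default, then allow listed IPs."""
    rules = [["iptables", "-P", "FORWARD", "DROP"], ["iptables", "-F", CHAIN]]
    for dev in devices:
        if dev.get("blacklisted") or dev["policy"] not in policies:
            continue  # no rule means no internet access
        try:
            ip = str(ipaddress.IPv4Address(dev["ip"]))
        except ValueError:
            continue  # fail closed on malformed records
        # Outbound from the device, and only reply traffic back to it.
        rules.append(["iptables", "-A", CHAIN, "-s", ip, "-j", "ACCEPT"])
        rules.append(["iptables", "-A", CHAIN, "-d", ip, "-m", "conntrack",
                      "--ctstate", "ESTABLISHED,RELATED", "-j", "ACCEPT"])
    return rules

# Constructed sample data standing in for the device list and calendar feed.
DEVICES = [
    {"name": "tv", "ip": "10.0.0.20", "policy": "limited"},
    {"name": "laptop", "ip": "10.0.0.30", "policy": "shared"},
    {"name": "tablet", "ip": "10.0.0.40", "policy": "weeknight"},
    {"name": "old-phone", "ip": "10.0.0.50", "policy": "shared", "blacklisted": True},
    {"name": "bad-row", "ip": "10.0.0.999", "policy": "shared"},
]
EVENTS = [
    {"start": datetime(2024, 1, 6), "end": datetime(2024, 1, 7), "description": "shared"},
    {"start": datetime(2024, 1, 6, 2), "end": datetime(2024, 1, 6, 3), "description": "limited"},
]

if __name__ == "__main__":
    now = datetime(2024, 1, 6, 14, 0)
    for argv in build_rules(DEVICES, active_policies(EVENTS, now)):
        print(" ".join(argv))  # a real client would pass argv to subprocess.run
```

Building each rule as an argument list and parsing the address with `ipaddress` keeps a malformed database or API record from reaching a shell, and a record that fails validation simply stays blocked.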

The first iteration had the config files all local .csv but that was a pain trying to remember what to do every time a new device came around. That's when I moved to MySQL and Google Calendar, which made things easier on me. Now I'm creating a Node Express app front end to administer the devices. Right now, from the web client, I can delete a device, blacklist a device, and add a device.

At this point I think I need to hire someone to help me with making it easier to add things and to do something useful with the data I collect.

I also need to move from MySQL inside the network to a database (RESTful API) upstream. Having the database on a machine inside the network that requires the device to be online to configure the network is problematic.

It now uses a REST API. The Python clients were rewritten to GET or POST JSON data instead of MySQL. The server was created using Express/Node.js with nginx proxying. I added secure logins and moved it into EC2. This has made my internal network much easier to manage because the network can now configure itself without any devices other than the pirouter and modem online.

Next stage is to manage and visualize bandwidth by user and device.