I've recently setup 2 older systems for my daughters (6 and 8) to use mainly for email and web surfing. They are really only interested in going to a few sites, and until they become more savvy I'd like to restrict their access to only those sites I explicitly approve. I've spent a fair amount of time reading, and am able to get bits and pieces of how I might do this, but am not seeing the big picture. It looks to me like access rules are only "deny" - kind of the opposite of what I want. I then see reference to "iptable" entries or "scripts" as a possible solution, both of which I am not familiar with. Is there anyone who has implemented this type of "whitelist" style restriction by mac/ip address for machines on the lan? Would someone be willing to hold my hand a little or point me to a detailed guide as to how I might do this? I'm reasonably knowledgeable with regard to networking and have dealt with many different types of routers used for home networking. However, I think that what I am trying to do now has slightly exceeded my capability, and am hoping someone can help. Thanks in advance.