Whitelist access restriction feature request

Discussion in 'Tomato Firmware' started by Trademark, Dec 8, 2011.

  1. Trademark

    Trademark Network Guru Member

    Toastman/Teaman/Teddy Bear/Victek/Shibby-

    I would like to make a feature request for future tomato releases. In "Access Restrictions" you have always been able to blacklist a url for a specific ip/mac address, but you currently can't do the opposite and whitelist specific url's per ip/mac. Could this please be added? It would make it much easier for concerned parents or even small office/home office situations to only allow access to a list of url's while blocking everything else. I am aware this can be done in firewall IP tables, but a GUI option in access restrictions would be really helpful and make it a breeze to give, say my 6-10 year old family members or lazy surf happy co-workers, to get on a computer without having to worry about them accessing inappropriate content. I would gladly make a donation to any developer reading this if it could be done. Much appreciated and thanks for the great firmwares!
  2. Craig Taranto

    Craig Taranto Serious Server Member

    I second this request. Having an "allow list" for the kids would be excellent. I also second the donation idea.
  3. shadowken

    shadowken Networkin' Nut Member

    Have you tried to use Opendns or Dyndns services to block such inappropriate content ?
  4. Craig Taranto

    Craig Taranto Serious Server Member

    I already use opendns and set up a "blacklist" in tomato. My concern isn't "bad" sites - we've taken care of the bulk of them. The situation is we don't want the kids wasting time on senseless online games during the school week. Granted they are well behaved and do not abuse their online privileges often.

    Say I want to allow my kids to go to 3 specific sites during the school week: The school website, a typing teaching tool, and gmail. I would like the ability to be able, on an IP address level, restrict the sites that are allowed. A bonus would be to do this on a day/time basis as well (like Access Restrictions currently work). I use Access Restrictions as well and turn off the internet on their computers after a certain time during the week.

    If the black list supported "block everything except this and this and this", that would be fine as well.
  5. WRD - EasyTomato

    WRD - EasyTomato Networkin' Nut Member

    This would be a very useful feature. We've seen many times where a white list would be extremely helpful for hospitals and schools. This is on our list for EasyTomato, but our list is long and developer time short, so it's not there yet.

    Once we get some time or some help, we'll put it in our GUI.
  6. Toxic

    Toxic Administrator Staff Member

    Be careful of your advertising. You're a noob on the forum and already plugging your site

    Sent from my GT9100 - CM10 - Tapatalk v2.2.8
  7. WRD - EasyTomato

    WRD - EasyTomato Networkin' Nut Member

    @Toxic: Sorry, not trying to advertise. Is there somewhere that outlines what's ok and what's not? (no links?) We do want to raise awareness about what we're doing (another 100% free Tomato project), but we don't want to go against the rules (or expectations) of the forum.

  8. Elfew

    Elfew Network Guru Member

    It would be great... I have many ideas how to use this features in future...
  9. WRD - EasyTomato

    WRD - EasyTomato Networkin' Nut Member

    We're happy to put this in the GUI now if someone has the code. Our back end tomato guy has a lot less availability than our front end folks. Having a toggle button that switches between blacklist/whitelist seems to be the best way to do it.

    We're also interested in making a splash screen that shows a page has been blocked, rather than just a dropped connection. If anyones done this and wants to share it would also be appreciated.
  10. mstombs

    mstombs Network Guru Member

    I've seen whitelist/blacklist discussed many times, here's a link to one I remember, the "wanout" chain is already used by tomato access restrictions


    I guess you could achieve the splash screen in similar way to the adblocking with pixelserv., but rather than using dns spoofing you would need iptables diverts in "nat PREROUTING" (or an existing custom tomato chain) I think, and a webserver with custom 404 page. I do have a version of pixelserv c-code that serves up an specified gif that might be useful as a lightweight webserver?
  11. Toxic

    Toxic Administrator Staff Member

    We have Terms and conditions, but for new registrations I moderate them so I can scrutinise the post content somewhat more than full Members Posts.

  12. WRD - EasyTomato

    WRD - EasyTomato Networkin' Nut Member

    @mstombs: Great. Thanks for the link. We're working on getting AlexF's HTML5 interface ready now (release next week we hope) and then working on some new bandwidth graphing visuals, but after that this sounds like a good way to do it.

    As for the splash screen, yeah we ran adblocking with pixelserv and had it put in a image on blocked ads. We would hope to get to both of these in the somewhat near future when we have a bit more back end development bandwidth.

    @Toxic: Sounds good. We are actively developing a new Tomato version, so this forum is very helpful to find beta testers, development help, and directing EasyTomato users here for help, but as I said, we're not trying to go against the forum.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice