Blocking MSN - Access Restrictions do not work!

Discussion in 'HyperWRT Firmware' started by JohnF, May 27, 2005.

  1. JohnF

    JohnF Network Guru Member

    I figured out how to block MSN Messanger using the Blocked Services feature on the Access Restrictions tab. I simply block port 443 (https) and MSN cannot log in. This will keep my kids off.

    What I want to do is limit the time of day they can have access to MSN but still access the web. So for example I only want them to use MSN from say 7pm to 8pm, let them surf till 10pm and then shut down access completely and get to bed! I can block HTTPS all the time but that's not what I want to do.

    Another thing,
    do the BLOCKED SERVICES only apply to the given policy or is the policy separate from the Blocked Services. Does that make sense??
  2. DevilStick

    DevilStick Network Guru Member

    Hmm, blocking https (443/tcp) would prevent access to any ssl-protected page and force your kids to use insecure connections to access web mail services, etc.

    Maybe this link will help you. It's german, but when you scroll down, there is a list of ports MSN messengers uses for various services (file transfer, voice, app sharing, ...). Maybe you can block these ports instead of https.
  3. Whatever

    Whatever Network Guru Member

    It took me ages to find out how to block msn however, below is what I have to do to block it:

    Block services 443, 1863, 6891 - 6901 (TCP & UDP)
    Block websites,,, e-messenger
    Block keywords emessenger, webmessenger, hopster

    Rationale - MSN uses a variety of ports. Webmessenger and emessenger are web interfaces that allow a user to use MSN via a remote server. Hopster is a clever program that allows users to bypass firewall/router settings to access MSN.

    It s a bitch of a program that works well and it tough to stop.

    I use these rules to control access for my kids at home.

    Hope this helps.
  4. JohnF

    JohnF Network Guru Member

    use these rules to control access for my kids at home.

    From what I can tell, what you've done blocks MSN altogether at all times.

    How did you set up your router to control the times that they can have or not have access?
  5. Whatever

    Whatever Network Guru Member

    Ihave a number of access polices in place.

    I control the access times through the Access restrictions page using the days and times selections per policy.

    eg: MSN I have blocked 24 x 7
    Internet access I have allowed between 3pm and 9pm

    I have applied this to a range of IP's and set my desktop IP as a fixed IP - my kids havae wireless access via their notebooks and are on dhcp.

  6. JohnF

    JohnF Network Guru Member


    OK but how about the opposite? That is, Internet all the time (more or less) but MSN only between 5 and 7 for example.

    My problem is that my kids (12/15) do not browse other than for homework (no really...) but spend HOURS on MSN chatting with whoever, whatever and forever!! It's non-stop! So I want to somehow limit MSN access to a reasonable time. I was using Surfpass but that became a nuissance for everyone at home since you have to logon everytime so I want to control it from the router.

    On the Access Restrictions page, is the policy you create for Internet AND block services for that policy ONLY? Or are the blocked services regardless of the Policy? That is, I have no policy set up - will it still block the services?

  7. Whatever

    Whatever Network Guru Member

    Each access policy uses the rules set for that policy only. So if you block services in policy 1, they are still available in policy 2 unless you specifically block them in policy 2.

    All the settings in the policy apply to the whole polci. So if you set time, block services, set Ip ranges, and vlock web sites in one policy, they will all apply to that policy only.

    So, to make MSN available for a certain time, I set the policy to enable between certain times as set by me in the top part of the policy.

    Does that make sense or have I confused you further...:)
  8. JohnF

    JohnF Network Guru Member

    No you have not confused me more than I was already! :)

    I understand and it makes sense. I will give it a try.

    My kids are gonna just love me!!
  9. Whatever

    Whatever Network Guru Member

    Yep - kids will definitely love you...hehe

    Wait until other parents find out that you can block MSN and they ask you to do it for them and THEN see how the kids react...

    I have 2 girls 13 & 15 and MSN is off during the week and on sometimes over the weekend if I feel nice...and they wash the car...and they unpack the dishwasher...and they walk the dog...
  10. jagboy

    jagboy Network Guru Member

    wow it is a good thing that my partent are not tech savy. becuase the know almost nothing about computers :D
  11. daft009

    daft009 Guest

    im trying to do something like this too..

    my only query is, i'm not using my wrt54g as a router (nothing plugged into the wan port), just as an access point. my setup is:

    netcomm nb5 adsl modem/router
    | <-- this link is wired
    | <-- this link is wireless
    wireless clients

    can i still make use of the parental control features?
  12. JohnF

    JohnF Network Guru Member

    Access ristrictions do not work??

    I am running the HyperWRT firmware.
    I created a policy called 'kids time', enabled it, allowed internet access, everyday and set a time from 10AM to 10PM. I only added 2 PCs with specific IP addresses to this policy. 192...100 and 192...101 the two that my girls use.

    It is now 11pm and am writing this post from this 'restricted' access PC...

    Does the Access Ristrictions actually work??

  13. boiler

    boiler Network Guru Member

    The policies do work but you may find that the "permit" ones are a little buggy. If you are trying to restrict access times try using just the "restrict" policies.
    It's a little more work but it seems to work.

    If you want to permit access between 8:00 and 10:00 pm, for example, you will need to develop a policy that restricts between 12:00 am and 8:00 pm and another to restrict between 10:00 pm and 12:00.

    Not terribly convenient but it works.

  14. jagboy

    jagboy Network Guru Member

    i think that you could do iptables. try another firmware and see if that helps. like dd-wrt
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice