Bloat » Cerowrt

kmod-ipt-ipopt is not currently installed by default. It is built and can be installed manually, but has mild issues with UTC vs your timezone and has no gui interface

https://dev.openwrt.org/ticket/7229

opkg install iptables-mod-ipopt # is also needed...

then you have fun installing it via a command line and rolling a script for it:

#!/bin/sh

KIDSSTART=06:00
KIDSEND=21:15
KIDSMAC="00:0F:EA:91:04:08"

iptables -N BADKIDS
iptables -N KIDS

iptables -A BADKIDS -m time --timestart $KIDSSTART --timestop $KIDSSTOP -j ACCEPT
iptables -A BADKIDS -j DROP

for i in $KIDSMAC
do
iptables -A KIDS -m mac --mac-source $i -j BADKIDS
done

iptables -A INPUT -j KIDS # might be some other chain

being able to block 'X' by time of day is interesting enough - and un-dangerous enough - for me to want to give learning lua a shot by trying it.

That said, I HATE having everything time of day related going through another firewall rule, so I'd probably try to do it with cron instead inserting/deleting the rule dyamically.

Or maybe a module for blocking macs by time of day already exists in luci or out of tree?

There's another prerequisite for this, we need some code that aligns the in-kernel timezone with whatever is configured in userspace to avoid mismatches between kernel and userspace time representation.
Gargoyle has a little C program for that but its license status is unclear so we should not simply pull it. The issue is also tracked at https://dev.openwrt.org/ticket/9657

I think the best place to implement the time syncing would be within the busybox "date" applet, in the existing time setting code.

Does anybody really know what time it is?

Concur with jow's comments....

and

I dislike the always-on-check the darn time firewall rule as I originally described above.

Checking every packet AND the current time for a couple mac addrs is a lot of overhead to keep your kids in bed.

Cron inserting a rule would be better, as part of a syn-related chain, check these params. (this wouldn't keep gamers out tho)