Disable internet to any device

I found a beautiful post about disabling internet and I really like the idea being able to control how long the children stay on the internet. So i took it futher, wrote a component that creates a switch based on IP or MAC address. If happens that the device is not connected to the network, it will wait until is and than starts disabling internet.
All the “magic” behind is done by ARP spoofing, this is technically a kind of an attack but is done in your network, which is fine but you should read something about it. I was really suprised how it works that there is no easy defence and is quite easy to set up and since than I do not connect to public Wifi hotspots.

You should follow the arpspoof.markdown in order to install.

Here is an example of config

arpspoof:
  interface: eth0
  scan_interval: 40 # in seconds, optional; how often check for online devices, default is 30 sec

switch:
  - platform: arpspoof
    devices:
      test:
        friendly_name: my name # optional
        address: 192.168.1.105
        icon: 'mdi:laptop' # optional
      test2:
        friendly_name: my other name # optional
        address: 'AB:CD:EF:12:34:56'
        icon: 'mdi:cellphone' # optional
7 Likes

pilotak,
Trying this out now. Just one question though, in your arpspoof.markdown file the symlink’s that you reference look like they are all for virtual environments. I actually run homeassistant on Ubuntu 17 (non virtual) and wondered which symlink I should follow? I’ve tried a few of them but they don’t work. Then after I add my switches to homeassistant (and reboot of course) they don’t actually arpspoof. I can still ping the spoofed machine. Where am I going wrong?

mkrice2

Hi if your homeasisstant uses same python packages as you (without virtual environment) then you don’t need symlinks. I use them because homeasisstant is in virt.env and doesn’t know about packages i installed locally. Anyway the problem that i found with this spoofing is that when childen turned off wifi on theier mobile and than back on after a while they had an internet connection. Don’t really know why, but when the wifi was on all the time, it worked fine.

Because of that I bought Mikrotik router which allows me the be in control of firewall, so there is where I drop connections to specific MAC address and close all active connections. Mikrotik has a API which i can control through homeassistant :slight_smile:, you can find component for that in my repo. I have to say that this method is 100% childproof. The only workaround is to change MAC address of phone/pc.

Hi @pilotak this looks pretty awesome, so now I ask the dreaded question… will it work on HassIO? (ie: will the install of scapy be possible?)

I’m not really sure, i’m not using hass.io since I can’t take control over whole raspberry pi and run other things simultaly

Has anyone succeeded in installing this to hassio? This would be a really needed functionality with the kids:wink:

im going to devroot debugging hassio into my hassio setup and see if i can recreate this. ill see how i go and report my outcome shortly

Hello,
I was trying this custom component and I am getting the error
ARP component not initialised!
At the installation stage I could not get the
newgrp homeassistant
command to work as it was asking for a password and I did not have one and the root password didn’t work.

What is your home assistant running on. I’m on hassio and have found this very difficult so far, from what I’ve learnt is that hassio isn’t supported so am trying on my hassbian test rig tonight.

Mine is on a Ubuntu server with Virtual Env.

right i think i have that as well on an ubuntu server i set this one up fromthis link il have a go with this as well but am pretty sure the hassbian install will work.

anyone had any luck installing this on HASSIO.

I install ARP component in hassbian 0.92.2 step by step in arpspoof.markdown
after reboot pi
The log show error :

2019-05-13 06:39:06 ERROR (MainThread) [homeassistant.setup] Setup failed for arpspoof: No setup function defined.
2019-05-13 06:39:17 ERROR (Thread-14) [custom_components.arpspoof.switch] ARP component not initialised!

My file in custom_component is /arpspoof/
init .py
arpspoof.py
manifest.json
switch.py

how to fix it. thanks

Hi i had to drop the support for that one as it is not reliable see above, but i’m open for anyone to contribute

Hi @pilotak
You posted one year ago that you have moved to a Mikrotik router solution. I think I will follow your steps. Since I’m not an IT guy, I’ve been reading a lot the docs at Mikrotik website these past nights. The devices are very flexible, which also means a bit complex to start with. But, hey, life is learning. If you don’t mind, right now I have two questions:

  1. Which router do you use? I was considdering this one My flat is around 110 squared meter and just one floor.
  2. I’ve seen your github. I see the custom component but not the scripts to stop connections. Am I missing something?

Thanks a lot for your guidance!

That’s exacly why chose Mikrotik due to its flexibility.

  1. I use this one and at my friend’s home there is this one where he is using it for the same purpose. But any Mikrotik will be fine
  2. It’s generic component for running scripts not just for disabling internet.

Here is the guide in Mikrotik

  • Create separate login credentials for HASS

  • Create firewall rule: Chain=forward, Src. MAC Address=00:00:00:00:00:00 (select device address), Action=reject, Reject With=icmp admin prohibited after save you will see an id of the rule ie.: 10 (you will use this number in scripts)

  • Give your device static IP address in DHCP section ie.: 192.168.0.100

  • Create script with name internet_tom_on this will enable firewall rule you created above (it will block new connections), next line is also important as it closes all connections made before enabling firewall rule

/ip firewall filter enable 10
:foreach i in=[/ip firewall connection find where src-address~"^192.168.0.100:.*\$"] do={ /ip firewall connection remove $i }
  • Create script with name internet_tom_off
/ip firewall filter disable 10

In HASS config:

script:
internet_tom_on:
    sequence:
      - service: mikrotik.run_script
        data:
          name: internet_tom_on
      - service: input_boolean.turn_on
        data:
          entity_id: input_boolean.internet_tom

  internet_tom_off:
    sequence:
      - service: mikrotik.run_script
        data:
          name: internet_tom_off
      - service: input_boolean.turn_off
        data:
          entity_id: input_boolean.internet_tom

input_boolean:
  internet_tom:

switch:
  - platform: template
    switches:
      internet_tom:
        value_template: "{{ is_state('input_boolean.internet_tom', 'on') }}"
        turn_on:
          service: script.turn_on
          data:
            entity_id: script.internet_tom_on
        turn_off:
          service: script.turn_on
          data:
            entity_id: script.internet_tom_off
1 Like

Thanks a lot! Very useful and detailed explanation! I’m definitely moving to your approach. I’ll come back when I set it up. Thanks again!

Edit: it seems that you and your friend have the same device :joy: (you put the same link; anyway, glad to hear that anyone will be ok, thanks)

sorry, corrected

And two weeks later… just to let you know that this works beautifully. Thanks a lot!

Does this also work with UniFi?