I found a beautiful post about disabling internet and I really like the idea being able to control how long the children stay on the internet. So i took it futher, wrote a component that creates a switch based on IP or MAC address. If happens that the device is not connected to the network, it will wait until is and than starts disabling internet.
All the “magic” behind is done by ARP spoofing, this is technically a kind of an attack but is done in your network, which is fine but you should read something about it. I was really suprised how it works that there is no easy defence and is quite easy to set up and since than I do not connect to public Wifi hotspots.
You should follow the arpspoof.markdown in order to install.
Here is an example of config
arpspoof:
interface: eth0
scan_interval: 40 # in seconds, optional; how often check for online devices, default is 30 sec
switch:
- platform: arpspoof
devices:
test:
friendly_name: my name # optional
address: 192.168.1.105
icon: 'mdi:laptop' # optional
test2:
friendly_name: my other name # optional
address: 'AB:CD:EF:12:34:56'
icon: 'mdi:cellphone' # optional
pilotak,
Trying this out now. Just one question though, in your arpspoof.markdown file the symlink’s that you reference look like they are all for virtual environments. I actually run homeassistant on Ubuntu 17 (non virtual) and wondered which symlink I should follow? I’ve tried a few of them but they don’t work. Then after I add my switches to homeassistant (and reboot of course) they don’t actually arpspoof. I can still ping the spoofed machine. Where am I going wrong?
Hi if your homeasisstant uses same python packages as you (without virtual environment) then you don’t need symlinks. I use them because homeasisstant is in virt.env and doesn’t know about packages i installed locally. Anyway the problem that i found with this spoofing is that when childen turned off wifi on theier mobile and than back on after a while they had an internet connection. Don’t really know why, but when the wifi was on all the time, it worked fine.
Because of that I bought Mikrotik router which allows me the be in control of firewall, so there is where I drop connections to specific MAC address and close all active connections. Mikrotik has a API which i can control through homeassistant , you can find component for that in my repo. I have to say that this method is 100% childproof. The only workaround is to change MAC address of phone/pc.
Hello,
I was trying this custom component and I am getting the error ARP component not initialised!
At the installation stage I could not get the newgrp homeassistant
command to work as it was asking for a password and I did not have one and the root password didn’t work.
What is your home assistant running on. I’m on hassio and have found this very difficult so far, from what I’ve learnt is that hassio isn’t supported so am trying on my hassbian test rig tonight.
right i think i have that as well on an ubuntu server i set this one up fromthis link il have a go with this as well but am pretty sure the hassbian install will work.
Hi @pilotak
You posted one year ago that you have moved to a Mikrotik router solution. I think I will follow your steps. Since I’m not an IT guy, I’ve been reading a lot the docs at Mikrotik website these past nights. The devices are very flexible, which also means a bit complex to start with. But, hey, life is learning. If you don’t mind, right now I have two questions:
Which router do you use? I was considdering this one My flat is around 110 squared meter and just one floor.
I’ve seen your github. I see the custom component but not the scripts to stop connections. Am I missing something?
That’s exacly why chose Mikrotik due to its flexibility.
I use this one and at my friend’s home there is this one where he is using it for the same purpose. But any Mikrotik will be fine
It’s generic component for running scripts not just for disabling internet.
Here is the guide in Mikrotik
Create separate login credentials for HASS
Create firewall rule: Chain=forward, Src. MAC Address=00:00:00:00:00:00 (select device address), Action=reject, Reject With=icmp admin prohibited after save you will see an id of the rule ie.: 10 (you will use this number in scripts)
Give your device static IP address in DHCP section ie.: 192.168.0.100
Create script with name internet_tom_on this will enable firewall rule you created above (it will block new connections), next line is also important as it closes all connections made before enabling firewall rule
/ip firewall filter enable 10
:foreach i in=[/ip firewall connection find where src-address~"^192.168.0.100:.*\$"] do={ /ip firewall connection remove $i }