UCI commands to kill internet to specific devices

Hi, I am creating a solution to block my kids' devices on demand on my home network. I have the following so far:

index=$(uci show firewall | grep 'Test_Block_Rule' | cut -d "[" -f2 | cut -d "]" -f1)
uci set firewall.@rule[$index].enabled='1'
uci commit firewall
/etc/init.d/firewall reload

This works, but does not drop EXISTING connections from the devices specified in the rule. What is the best way to cut all connections from the devices specified in the rule immediately?

Update: Adding conntrack -D -s <IP> to the list of commands results in all existing connections from the specified IP being dropped immediately.

I didn’t test it, but:

  /etc/init.d/network reload

Should flush all connected/existing streams. Although it might require:

  /etc/init.d/network restart

instead.

If you know the IP, I would try this:

  conntrack -D --src 192.168.XX.YY

I’ll test it. I’d rather not flush the entire network in case it disrupts other things I’ve got going, like VPN sessions for work, other devices currently streaming, etc. I’d like to think things would be resilient enough to cope, but I don’t wanna count on it, since this is something my wife would be able to do on demand without me knowing. It would suck to get bounced from a meeting and have the VPN drop whenever she wanted to kick the kids off the Internet :joy:

Have you thought about creating a separate access point and interface for your kids' devices, and then simply disabling that interface?

Basically a guest network

Hmm, well, another option is to install “conntrack”:

  opkg install conntrack

and then use its flush command:

  conntrack -F

But in both cases, I’m not sure of the implications for your VPN.

I have thought about that but I want to be able to disable them individually. My son might do something that revokes his Internet privileges for the day but my daughter would still want access.

Thanks. Adding conntrack -D -s <IP> after my initial commands did the trick. Everything drops immediately when I do that.
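The thread's final recipe (enable the UCI rule, reload the firewall, then delete the tracked connections) as one script. This is an added example, not code from any of the posts; it assumes the rule carries option name='Test_Block_Rule' and lists the devices to block in its src_ip option, and that the conntrack package is installed on the router.

```shell
#!/bin/sh
# Added example (not from the thread): enable or disable a named OpenWrt firewall rule
# and, when enabling, delete the already-tracked connections of the addresses in the
# rule's src_ip option, so the block takes effect immediately rather than for new flows only.

# Index of the @rule section whose name is $1. Reads `uci show firewall` from stdin and
# matches the .name line only, unlike a bare grep, which would also hit other lines.
rule_index() {
    sed -n "s/^firewall\.@rule\[\([0-9]*\)\]\.name='$1'\$/\1/p" | head -n 1
}

# src_ip values of rule index $1, one per line (uci show prints lists as '10.0.0.1' '10.0.0.2').
rule_src_ips() {
    sed -n "s/^firewall\.@rule\[$1\]\.src_ip=//p" | tr -d "'" | tr ' ' '\n' | sed '/^$/d'
}

# $1 = rule name, $2 = 1 to block, 0 to unblock. Runs on the router only.
set_block() {
    cfg=$(uci show firewall)
    idx=$(printf '%s\n' "$cfg" | rule_index "$1")
    [ -n "$idx" ] || { echo "no firewall rule named $1" >&2; return 1; }
    uci set "firewall.@rule[$idx].enabled=$2"
    uci commit firewall
    /etc/init.d/firewall reload
    if [ "$2" = 1 ]; then
        # The reload only affects new connections; existing flows stay in the conntrack
        # table until they are deleted per source address (the thread's conntrack -D -s).
        printf '%s\n' "$cfg" | rule_src_ips "$idx" | while read -r ip; do
            conntrack -D -s "$ip" >/dev/null 2>&1 || true
        done
    fi
}

# Constructed sample of `uci show firewall` output for the offline demonstration below.
SAMPLE_UCI="firewall.@rule[0]=rule
firewall.@rule[0].name='Allow-DHCP-Renew'
firewall.@rule[3]=rule
firewall.@rule[3].name='Test_Block_Rule'
firewall.@rule[3].src_ip='192.168.1.20' '192.168.1.21'
firewall.@rule[3].enabled='0'"

if [ "${1:-}" = "--apply" ]; then
    set_block "$2" "$3"          # e.g. ./block.sh --apply Test_Block_Rule 1
else
    idx=$(printf '%s\n' "$SAMPLE_UCI" | rule_index Test_Block_Rule)
    echo "rule index: $idx"
    printf '%s\n' "$SAMPLE_UCI" | rule_src_ips "$idx"
fi
```

conntrack -D -s matches the original direction of a flow, which covers everything the device itself started; a flow that was initiated from outside toward the device would need conntrack -D -d <IP> as well.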