Access Controls works for blacklist, but not when switched to whitelist
This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
Hi everyone,
I'm attempting to use Access Control to manage a child's device (since parental controls limit the number of adult devices to 4 and I have at least 8).
The instructions make this sound easy. They say to use "Allow" in the Default Filter Policy. Then all internet traffic is blocked for all devices, except for whatever rules are set up.
I set up a test:
I added the parents' devices and the child's device each as a host, and created a rule for each of the parents' devices that uses the target "Any" (in other words, the whole internet), applied all the time. And for the child device, I created a rule that applies a target that only includes "nytimes", also applied all the time. Then I set the Default Filter Policy to "Allow".
According to the instructions, the adult devices should be allowed to access the entire internet, and the child should be restricted to ONLY nytimes.com.
It's really weird. Half of it works, but the other half doesn't: the parent devices can access the entire internet (great!). However, the rule that should enable the child to access NYTimes doesn't seem to apply. The child's device is blocked from the entire internet, including nytimes, so the rule for the child device is not being applied.
Has anyone encountered this before? Maybe I'm missing something?
I doublechecked that the rule for the child's device works as a blacklist. If I set the default filter policy to "Deny," and delete all of the rules that apply to the parent devices, the child's device is allowed to the entire internet but blocked from nytimes. So I don't really know what's the issue.
Can anyone offer any advice?
Here's a screenshot of my rule:
Here is the info from the TP-Link administration and documentation:
| Default Filter Policy |
| Allow the packets specified by any enabled access control policy to pass through the Router |
| Deny the packets specified by any enabled access control policy to pass through the Router |
For example: If you desire to allow the host with MAC address 00-11-22-33-44-AA to access www.google.com only from 18:00 to 20:00 on Saturday and Sunday, and forbid other hosts in the LAN to access the Internet, you should follow the settings below:
- Click the submenu Rule of Access Control in the left to return to the Rule List page. Select Enable Internet Access Control and choose "Allow the packets specified by any enabled access control policy to pass through the Router".
