October 2, 2022
It’s easy to get sucked into a great plot on Netflix and lose track of time entirely. I had a play with the firewall on my Mikrotik router; I’ve set it up to help limit the amount of streaming our household can consume in one sitting. We’ve called it ‘anti-binge’.
We use Roku streaming devices. My firewall rules detect new streaming activity from a Roku device and permit it for an hour. The device is then blocked for a further three hours. It helps us consume TV more mindfully.
Plus, it was fun to set up. Here’s how.
The Roku devices needed to be in the same IP range. I run VLANs, so I did consider a separate subnet, but that would have complicated casting.
Instead, I simply gave them all static IPs:
/ip/dhcp-server/lease
add address=10.2.3.122 comment="Living Room Roku" mac-address=20:EF:BD:EE:00:AA server=home-dhcp
add address=10.2.3.123 comment="Upstairs Roku" mac-address=20:EF:BD:EE:00:33 server=home-dhcp
I then added these IP addresses to a new address list (binge_detect_list):
/ip/firewall/address-list
add address=10.2.3.121-10.2.3.124 comment="Anti-Binge TV devices " list=binge_detect_list
Now I add two firewall filter rules on the forward chain. These rules work as follows:
/ip firewall filter
add action=add-src-to-address-list address-list=binge_restricted_list address-list-timeout=4h chain=forward comment=\
"ANTI_BINGE Match in Binge Device transfers more than X mb in a single connection, add to Binge Restricted Device for 4 hours" connection-bytes=10000000-0 disabled=no \
log=yes log-prefix=anti_binge out-interface-list=wans src-address-list=binge_detect_list place-before=0
add action=add-src-to-address-list address-list=binge_permitted_list address-list-timeout=57m chain=forward comment=\
"ANTI_BINGE Match in Binge Device transfers more than X mb in a single connection, add to Binge Permitted Devices for 1 hour" connection-bytes=10000000-0 \
connection-mark=!antibinge_permitted disabled=no log=yes log-prefix=anti_binge out-interface-list=wans src-address-list=binge_detect_list place-before=0
The final piece of the puzzle is to permit or block streaming.
The rules above mean that the triggering device is added to both the binge_permitted_list and the binge_restricted_list at the same time. The difference is how long the device stays on each list.
The logic is to reject traffic from IP addresses on the binge_restricted_list (on the list for four hours) unless that device is also on the binge_permitted_list (only on the list for one hour).
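One way to write the permit/reject pair that this logic calls for is shown below. This is an added example, not a rule set from the original post: it reuses the list names, the forward chain and the wans interface list from the detection rules above, and the rule comments are my own. RouterOS only accepts one src-address-list match per rule, so "restricted unless also permitted" is expressed as two rules, with the accept evaluated first.

```routeros
/ip firewall filter
# Added example: enforce the two-list logic described above.
# Rule 1 (added first): reject anything a restricted device sends towards the WAN.
# Only reached if the accept rule below did not already match.
add action=reject chain=forward comment="ANTI_BINGE Reject restricted devices outside their permitted window" \
    out-interface-list=wans src-address-list=binge_restricted_list place-before=0
# Rule 2 (added second): a device still inside its 57-minute permitted window passes.
# Both rules use place-before=0, so this one lands at position 0, above the reject
# rule, and both sit above the two ANTI_BINGE detection rules.
add action=accept chain=forward comment="ANTI_BINGE Accept devices inside their one-hour permitted window" \
    out-interface-list=wans src-address-list=binge_permitted_list place-before=0
```

Putting both rules above the detection rules also means a device already on a list no longer reaches the add-src-to-address-list rules, so its later streaming traffic cannot re-trigger them while it is listed. Check the resulting order with /ip firewall filter print, watch the dynamic entries and their remaining timeouts with /ip firewall address-list print, and follow the triggers with /log print where message~"anti_binge".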