LEDE script to setup kids WiFi

kids.sh

#!/bin/sh

start='18:00:00'
early_end='19:00:00'
end='08:30:00'
ssid='KIDZ'
pass='KidsAreCool'

allowip() {
        rule=$1
        ip=$2
        uci delete firewall.$rule
        uci set firewall.$rule=rule
        uci set firewall.$rule.name="$rule"
        uci set firewall.$rule.src='kids'
        uci set firewall.$rule.dest='wan'
        uci set firewall.$rule.dest_ip="$ip"
        uci set firewall.$rule.proto='tcp'
        uci set firewall.$rule.dest_port='443'
        uci set firewall.$rule.target='ACCEPT'
        uci set firewall.$rule.start_time="$start"
        uci set firewall.$rule.stop_time="$end"
        uci set firewall.$rule.family='ipv4'
}

# Configure kids network
uci delete network.kids
uci set network.kids=interface
uci set network.kids.proto=static
uci set network.kids.ipaddr=10.77.77.1
uci set network.kids.netmask=255.255.255.0

# Configure kids Wi-Fi
uci delete wireless.kids
uci set wireless.kids=wifi-iface
uci set wireless.kids.device=radio1
uci set wireless.kids.mode=ap
uci set wireless.kids.network=kids
uci set wireless.kids.ssid="$ssid"
uci set wireless.kids.encryption='psk2'
uci set wireless.kids.key="$pass"

# Configure DHCP for kids network
uci delete dhcp.kids
uci set dhcp.kids=dhcp
uci set dhcp.kids.interface=kids
uci set dhcp.kids.start=50
uci set dhcp.kids.limit=200
uci set dhcp.kids.leasetime=12h

# Configure firewall for kids network

## Configure kids zone
uci delete firewall.kids_zone
uci set firewall.kids_zone=zone
uci set firewall.kids_zone.name=kids
uci set firewall.kids_zone.network=kids
uci set firewall.kids_zone.input=REJECT
uci set firewall.kids_zone.forward=REJECT
uci set firewall.kids_zone.output=ACCEPT
uci set firewall.kids_zone.log='1'
uci set firewall.kids_zone.log_limit='100/second'

## Allow kids -> Internet
uci delete firewall.kids_forwarding
uci set firewall.kids_forwarding=forwarding
uci set firewall.kids_forwarding.src=kids
uci set firewall.kids_forwarding.dest=wan

## Allow DNS kids -> Router
uci delete firewall.kids_rule_dns
uci set firewall.kids_rule_dns=rule
uci set firewall.kids_rule_dns.name='Allow DNS Queries'
uci set firewall.kids_rule_dns.src=kids
uci set firewall.kids_rule_dns.dest_port=53
uci set firewall.kids_rule_dns.proto=udp
uci set firewall.kids_rule_dns.target=ACCEPT

## Allow DHCP kids -> Router
uci delete firewall.kids_rule_dhcp
uci set firewall.kids_rule_dhcp=rule
uci set firewall.kids_rule_dhcp.name='Allow DHCP request'
uci set firewall.kids_rule_dhcp.src=kids
uci set firewall.kids_rule_dhcp.src_port=68
uci set firewall.kids_rule_dhcp.dest_port=67
uci set firewall.kids_rule_dhcp.proto=udp
uci set firewall.kids_rule_dhcp.target=ACCEPT

## Block evenings 6 - 7
uci delete firewall.kids_rule_early
uci set firewall.kids_rule_early=rule
uci set firewall.kids_rule_early.src='kids'
uci set firewall.kids_rule_early.dest='wan'
uci set firewall.kids_rule_early.name='Kids 6 - 7'
uci set firewall.kids_rule_early.target="REJECT"
uci set firewall.kids_rule_early.start_time="$start"
uci set firewall.kids_rule_early.stop_time="$early_end"

## Block evenings after 7
uci delete firewall.kids_rule_late
uci set firewall.kids_rule_late=rule
uci set firewall.kids_rule_late.src='kids'
uci set firewall.kids_rule_late.dest='wan'
uci set firewall.kids_rule_late.name='Kids after 7'
uci set firewall.kids_rule_late.target="REJECT"
uci set firewall.kids_rule_late.start_time="$early_end"
uci set firewall.kids_rule_late.stop_time="$end"

allowip 'audio_bible_youversion_1' '216.239.32.21'
allowip 'audio_bible_youversion_2' '216.239.34.21'
allowip 'audio_bible_youversion_3' '216.239.36.21'
allowip 'audio_bible_youversion_4' '216.239.38.21'
allowip 'youversionapi_1' '174.36.126.98'
allowip 'youversionapi_2' '174.36.126.99'
allowip 'cdn_youversion_1' '151.101.1.194'
allowip 'cdn_youversion_2' '151.101.65.194'
allowip 'cdn_youversion_3' '151.101.129.194'
allowip 'cdn_youversion_4' '151.101.193.194'

uci commit

# Restart services
/etc/init.d/network restart
/etc/init.d/firewall restart
/etc/init.d/dnsmasq restart