Hi everyone,
I'm new to this forum and stumbled upon it in my search to find a way to implement a router-based Facebook limitation (schedule) for my teens. I had considered PC-based software but then thought it would be a hassle managing this on the family kitchen PC, kids' homework laptop and iPod Touch. I figured a simpler and centralized approach would be to limit Facebook time at the router. Not so easy. The D-Link DIR-655 allows you to block specified Websites or Web access entirely (edit the Access Policy, Schedules and Website Filtering). I had configured my Website Filter page to always deny access to sites like omegle.com and chatroulette.com (please reply with any other nasty sites I should add to that list). I was going to add facebook.com to that list of blocked sites but then thought, wait a minute, I don't want Facebook blocked all the time. I don't mind if my teens use Facebook at the kitchen PC until about dinner time, but then I want the router to block Facebook for the rest of the weeknight so they will have dinner, socialize with fleshy humans and complete their homework etc. Essentially, what I wanted was a router rule of "only allow Facebook until 5:30 pm on weeknights." But the D-Link DIR-655 doesn't elegantly implement this kind of fine-tuned scheduled access to certain Web site names. On the Website Filter page, you can only allow or deny access to named sites like facebook.com; you cannot set a
schedule here for any of these sites. I thought, hmmm....I don't want to add facebook.com to the deny list because I want my kids to get an acceptable dose of Facebook time and then at a preset time, get blocked and forced off it for the remainder of the evening. And I don't want to add facebook.com to the deny list and then manually disable/toggle the Website Filter list daily because that toggling would allow them to visit facebook but also omegle and chatroulette! ARGGG!
Is what I wanted even possible or would I need to buy a more sophisticated router with these scheduling features?
Well I muddled around the D-Link configuration screens for a while and eventually figured out a solution. You
can limit time spent on Facebook (using a specified schedule) without having to name facebook.com on your deny list. The trick is to find out what IP addresses Facebook servers use (you can Google, ping or nslookup) and add them to the Advanced Port Filters rules page.
To start, here is my Website Filter page:

I created a new schedule called Facebookuntil530; the schedule runs from 5:30 pm to 4:00 pm the next day:

In Access Control, I selected Add Policy to create a new policy. I called this policy Facebookuntil530 and set the schedule to be the Facebookuntil530 schedule I just created in the previous step.

I then chose the computers I wanted this policy to apply to (by IP, MAC address or all computers (Other Machines)). On the next screen, I selected
Block Some Access and
Apply Advanced Port Filters:

Finally, I Googled 'Facebook IP addresses' and found this list of Facebook IP ranges and copied these IP ranges into this page and clicked Save:

In a command prompt, you could also
ping facebook.com or
nslookup facebook.com to identify Facebook's responding IP addresses.
This policy therefore prohibits traffic from Facebook during the schedule 5:30 pm to 4:00 pm the next day on the computers you specified.
Hope this helps.