Yeah, i don't know any time based access lists that can even look at a MAC address. When i was suggesting filtering by MAC address i meant that since the router/switch/AP box (ISR) knows a specific user's MAC address, it would control packets from the specific MAC address. (i can't begin to imagine how). Also, do you know if there are time based MAC address switchport security setting?
Maybe i'll get an ISR and create a small DHCP pool with my parent's devices manually linked to specific IP addresses, and everything else will just get an IP address from another subnet (DHCP pool) which will have a time-based ACL associated with it.
i feel that by switching off my brother's Internet access after 21:00 will actually be helpful for him, not his "enemies"
On a sidenote i am also quite certain that my brother will find something to occupy himself with even with no internet access. (games, TV, going out etc.)