Topic: limit internet access by time.

[luisc]

Is there a contrib to limit internet access by time and day?

[boringgit]

For everyone or just a few?

If you are looking to prevent either all users, or allow only one (to access the net outside hours) I can help. (This can be done using an IPtables command in Crontab)

If you want to except more than one user I never worked out how   There are things like setting the proxy to authenticate users, this presumably could be timed, not that I could help.....

[luisc]

for everyone.

[boringgit]

in the /etc directory you will find the "crontab" file. This is used by the cron scheduling service to run programs or commands at specified times. While you can edit this file directly, it will be overwritten each time you change something in the server manager, so use that file for monitoring only, actually make changes to the templates.

You will find the crontab templates in the /etc/e-smith/templates/etc/crontab directory (I think this was slightly different in pre 6 releases?)

I chose to put my commands into the 00setup file, so that they appear at the beginning of the crontab file - you can probably use any of the files in that directory though...

I then used the following command to drop all but my own MAC address

20 00 * * * root iptables -I FORWARD -j DROP -m mac --mac-source ! {MAC addy}
20 00 * * * root iptables -I INPUT -j DROP -m mac --mac-source ! {MAC Addy}

IF you want all blocked I think you can probably sustitute the -m mac with all or similar, but lets face it, given that the "!" inverts the command, (as in it drops all but the specified MAC) all you need to do is enter a MAC addy not on you LAN.

The bit at the beginning of the line controls the crontab scheduling. In this instance it tells it to execute the command at 20 past midnight. The "root" tells it to run as root (miss this out and it will not work)

For more details on crontab scheduling see http://www.mkssoftware.com/docs/man1/crontab.1.asp Using this you can schedule the commands to occur at different times at weekdays / weekends, different every day etc etc... It is flexible if a wee bit convoluted.

To reinstate I simply put the following:

30 12 * * * root iptables -D FORWARD -j DROP -m mac --mac-source ! {mac addy}
30 12 * * * root iptables -D INPUT -j DROP -m mac --mac-source ! {mac addy}

Which switches all back on at half past midday.

I found that I needed to block both the forward and input chains, as IRC and the like seems to work differently to HTTP....

I am sure somebody else will have a far more elegant solution than mine, but if you want any more help on this ugly duckling I am happy to give it

 

[byte]

or your could try abe's beta contrib which adds a panel for setting time/day

http://mirror.contribs.org/smeserver/contribs/aloveless/contribs/ipblock_inet/beta/

HTH

[ztasevski]

hi,

i've also achived the save just by writing 2 scripts one for staring and one for stopping and just stuck them in the crontab

works like a charm  

[boringgit]

or your could try abe's beta contrib which adds a panel for setting time/day
http://mirror.contribs.org/smeserver/contribs/aloveless/contribs/ipblock_inet/beta/

Wish there was one for MAC addy as well.

On my home server I am trying to restrict My wee brothers access. While I am comfortable with my current solution it is rather longwinded. Trouble is he does have some techie mates who may think of changing IP in order to circumvent restrictions.....

[byte]

or your could try abe's beta contrib which adds a panel for setting time/day
http://mirror.contribs.org/smeserver/contribs/aloveless/contribs/ipblock_inet/beta/

Wish there was one for MAC addy as well.

On my home server I am trying to restrict My wee brothers access. While I am comfortable with my current solution it is rather longwinded. Trouble is he does have some techie mates who may think of changing IP in order to circumvent restrictions.....

well that contrib does mac addys as well read the thread from the dev list here http://lists.contribs.org/mailman/public/devinfo/msg07510.html

test and post back there.

Thanks Abe for the great contrib looks like its gonna be popular

REMEMBER THIS IS BETA SO TEST FIRST

[Marcos]

Is possible to install this contrib (the beta 2)in an 5.6 version?

Thanks

Marcos

[byte]

Is possible to install this contrib (the beta 2)in an 5.6 version?

Thanks

Marcos

At the start of Abe's thread it says it supports 5.6 and up whether beta 2 version does I'm not sure try on a test machine and post back. (As we run SME 6.0.1-01 takeoff)

HTH

[Jáder]

Abe

I installed your contrib...
I´d like to see a new feature on it:

Suspend rule.

A new link, to allow suspend rule (do not delete it!)

would be great allow release internet access (for example to use WindowsUpdate) with just a click!

[Chrille]

Hi,

Does anybody know of a solution to limit different users time on the internet? Not by hour but on total "access time".

Problem.
I want to limit my sons access to the Internet, because he plays Counterstrike a lot more then we agreed on, to x hours every day except on weekends where he can get y hours. I have three XP clients, with 4 user accounts on each client, in my house. It shall be possible for me to set different limits for each user (not client), i.e. 1 hour/day to unlimited access. It shall not affect the possibilities to access files in an Ibay. It would be nice if there is a "5-minutes left" warning. I'm running 6.0 and is allways connected to Internet by ADSL

Suggestions?

Regards,

/Chrille