Hi group, I'm trying to cut off internet to my son's Xbox and iPod touch. I've created "time of day definitions" and "Access control List"
but it's not working. Please see screenshot attached.
Responses (4)
Accepted Answer
Have you seen this guide? As this is using the proxy, have you configured your devices to use the proxy (ClearOS_LAN_IP, port 8080)? I am not sure if the Xbox plays well with a proxy.
Alternatively you can block with the firewall using a cron job but it is not quite so easy.
Firstly I have a file /etc/clearos/firewall.d/90-firewall_on_off with execute permissions:

    #!/bin/bash
    PATH=$PATH:/usr/bin:/sbin:/bin
    HOSTS="NokiaPhone iPod iPad ps4 ps4_wifi motog3g"

    # The .disabled flag overrides the schedule: clear any pending block.
    if [ -e /usr/src/firewall_on_off.disabled ] ; then
        rm -f /usr/src/firewall_on_off.closed
    fi

    if [ -e /usr/src/firewall_on_off.closed ] ; then
        # Block: drop forwarded traffic from and to each host.
        for HOST in $HOSTS ; do
            iptables -I FORWARD -s $HOST -j DROP > /dev/null 2>&1
            iptables -I FORWARD -d $HOST -j DROP > /dev/null 2>&1
        done
    else
        # Unblock: delete every DROP rule for the host's IP, highest line number first.
        for HOST in $HOSTS ; do
            IP=`host $HOST | cut -d' ' -f4`
            if [ ! -z "$IP" ]; then
                LINES=`iptables -nL FORWARD --line-numbers | grep -e "DROP.*$IP\s" | cut -d' ' -f1 | sort -nr`
                if [ ! -z "$LINES" ]; then
                    for LINE in $LINES ; do
                        iptables -D FORWARD $LINE
                    done
                fi
            fi
        done
    fi

    # To disable the task without changing cron:
    # touch /usr/src/firewall_on_off.disabled
    # and to re-enable again:
    # rm -f /usr/src/firewall_on_off.disabled

All you need to do is substitute the various devices in the HOSTS line for your device names. I use the hosts file (Webconfig > Network > DNS Server) to map host name to IP and I use static leases in the DHCP server. If you want to do it by IP instead, specify the IPs here. Also, if doing it by IP, change:

    for HOST in $HOSTS ; do
        IP=`host $HOST | cut -d' ' -f4`
        if [ ! -z "$IP" ]; then
            LINES=`iptables -nL FORWARD --line-numbers | grep -e "DROP.*$IP\s" | cut -d' ' -f1 | sort -nr`
            if [ ! -z "$LINES" ]; then
                for LINE in $LINES ; do
                    iptables -D FORWARD $LINE
                done
            fi
        fi
    done
    fi

to something like (untested):

    for IP in $HOSTS ; do
        LINES=`iptables -nL FORWARD --line-numbers | grep -e "DROP.*$IP\s" | cut -d' ' -f1 | sort -nr`
        if [ ! -z "$LINES" ]; then
            for LINE in $LINES ; do
                iptables -D FORWARD $LINE
            done
        fi
    done
    fi

This section looks well OTT but there must have been a reason why I did it, unless it was from a purist viewpoint in the case that there was more than one block by IP.

You then want to set up a cron job (use the command "crontab") to end up with something like:

    # Weekdays
    # Start firewall restrictions
    15 22 * * 0-4 touch /usr/src/firewall_on_off.closed && /etc/clearos/firewall.d/90-firewall_on_off
    # Stop firewall restrictions
    15 06 * * 1-5 rm -f /usr/src/firewall_on_off.closed && /etc/clearos/firewall.d/90-firewall_on_off
    # Weekends Sunday = 0 and 7
    # Start firewall restrictions
    45 22 * * 5,6 touch /usr/src/firewall_on_off.closed && /etc/clearos/firewall.d/90-firewall_on_off
    # Stop firewall restrictions
    15 06 * * 6,7 rm -f /usr/src/firewall_on_off.closed && /etc/clearos/firewall.d/90-firewall_on_off

The approach might seem a bit complicated but this is to allow the firewall to restart when it wants without losing the rules.
Accepted Answer
It is what I do to cut my son off at night! I've gone into my backups and my original script was much simpler:

    #!/bin/bash
    IPS="NokiaPhone iPod iPad ps4 ps4_wifi ex-server adventtegra"
    if [ -e /usr/src/firewall_on_off.disabled ] ; then
        rm -f /usr/src/firewall_on_off.closed
    fi
    if [ -e /usr/src/firewall_on_off.closed ] ; then
        FLAG="-I"
    else
        FLAG="-D"
    fi;
    for IP in $IPS ; do
        /sbin/iptables $FLAG FORWARD -s $IP -j DROP > /dev/null 2>&1
        /sbin/iptables $FLAG FORWARD -d $IP -j DROP > /dev/null 2>&1
    done;
    # touch /usr/src/firewall_on_off.disabled
    # rm -f /usr/src/firewall_on_off.disabled

It does have a weakness in that if the block is active and you then change the cron schedule, if another block is triggered before an unblock you get multiple block rules which this script does not detect and unblocking does not work fully. The first script I posted gets round that.
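The duplicate-rule weakness described in the answer above can also be avoided by making both operations idempotent: delete by rule specification until no copy is left, and always clear before inserting. This is an added example, not code from the thread; the function names, the `apply` argument, the overridable `IPT`, `HOSTS` and `STATE_FILE` variables and the device names are assumptions for illustration.

```bash
#!/bin/bash
# Added example: idempotent block/unblock for the FORWARD chain.
# IPT, HOSTS and STATE_FILE can be overridden so the logic can be exercised
# without touching a live firewall; the flag file path follows the thread.
IPT=${IPT:-iptables}
HOSTS=${HOSTS:-"iPod xbox"}     # placeholder device names or IPs
STATE_FILE=${STATE_FILE:-/usr/src/firewall_on_off.closed}

# Remove every copy of both DROP rules for one host. "iptables -D <spec>"
# deletes one matching rule per call and fails once none is left, so loop
# until it fails. This clears duplicates left by repeated block runs.
unblock_host() {
    while $IPT -D FORWARD -s "$1" -j DROP 2>/dev/null; do :; done
    while $IPT -D FORWARD -d "$1" -j DROP 2>/dev/null; do :; done
}

# Clear any stale copies first, then insert exactly one rule per direction,
# so running the block twice never stacks rules.
block_host() {
    unblock_host "$1"
    $IPT -I FORWARD -s "$1" -j DROP &&
    $IPT -I FORWARD -d "$1" -j DROP
}

# Same convention as the thread's scripts: flag file present means "blocked".
apply_schedule() {
    for h in $HOSTS; do
        if [ -e "$STATE_FILE" ]; then
            block_host "$h"
        else
            unblock_host "$h"
        fi
    done
}

# Only act when asked, so sourcing the file just defines the functions.
if [ "${1:-}" = "apply" ]; then
    apply_schedule
fi
```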