LinuxQuestions.org
Register a domain and help support LQ
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Fedora
User Name
Password
Fedora This forum is for the discussion of the Fedora Project.

Notices

Reply
 
Search this Thread
Old 04-18-2006, 06:50 AM   #1
keithdj
LQ Newbie
 
Registered: Aug 2005
Location: New Zealand
Distribution: Fedora 4.0
Posts: 27

Rep: Reputation: 15
Timed based access restrictions with squid & danguardian


Hi.

I have recently (with help from these forums) got Squid and danguardian running on a Fedora 4 linux box.

My aim is to provide internet content & access filtering for my children.

Thus far, I have content filtering largely working, just need to tweak the configuration files etc, if anybody has any hints on cleanly allowing hotmail, whilst blocking all the MSN chat stuff, your advice will be gladly recieved.

However my current aim is to restrict the hours of access. To do this, I have set the following rules in the squid.conf file

The kids pc's have fixed ip addressed



acl child1 src 192.168.0.80/32
acl child2 src 192.168.0.81/32

acl child1_time time MTWHF 21:30-23:59
acl child2_time time MTWHF 20:30-23:59

http_access allow all

acl our_network src 192.168.0.0/24
http_access allow our_network

http_access deny child1 child1_time
http_access deny child2 child2_time


By my reasoning this should firstly allow prety much anybody, but then deny the kids PC if outside the allowable time.

Now what I think is happening is that because the browsers are being pointed to dansguardian, and not squid, then squid is never seeing the kids pc's IP addresses ? If this is the case then how do I get around it, or if not, then can someone tell me what I've missed from above.

Regards
 
Old 04-19-2006, 04:41 AM   #2
peter_robb
Senior Member
 
Registered: Feb 2002
Location: Szczecin, Poland
Distribution: Gentoo, Debian
Posts: 2,458

Rep: Reputation: 47
For simple time control, use iptables.
If you have the TIME module compiled already, you can do..
iptables -I INPUT -i eth~ -s 192.168.0.80 -m time --timestart 21:30 -j REJECT
(Enter your appropriate eth interface)
See man iptables for more options.

If your kernel & iptables don't have this module, you will need to recompile both using patch-o-matic to add the function.
 
Old 04-19-2006, 07:03 AM   #3
keithdj
LQ Newbie
 
Registered: Aug 2005
Location: New Zealand
Distribution: Fedora 4.0
Posts: 27

Original Poster
Rep: Reputation: 15
running Fedora 4, sourced from a magazine cover CD, and it doesn't appear to have the time module. I've never tried to compile modules etc under linux, and is probably a bit above my head at this stage. will keep this suggestion in mind if no one else is able to provide an easier solution. Thanks
 
Old 04-19-2006, 10:27 AM   #4
peter_robb
Senior Member
 
Registered: Feb 2002
Location: Szczecin, Poland
Distribution: Gentoo, Debian
Posts: 2,458

Rep: Reputation: 47
ok..
And it's not an easy task either.. Lots can go wrong..

I'll move this to the Fedora forum and ask if anyone has a kernel already built with the iptables patches..

Does anyone have a successful kernel upgrade or links to one pls?

Last edited by peter_robb; 04-19-2006 at 10:29 AM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
User based Authentication in Squid instead of Terminal based. TSK2000 Linux - Software 1 12-30-2005 02:22 AM
Restricting Download based on total download using Squid,SARG& Webmin jomy Linux - Networking 0 04-27-2005 06:04 AM
User and Group access restrictions? KendersPlace Linux - Security 1 08-20-2003 05:32 PM
How to remove FTP access restrictions goodman Linux - Newbie 4 08-16-2003 06:07 PM
FTP access using root account - restrictions alaerte Linux - Software 7 04-03-2003 01:33 PM


All times are GMT -5. The time now is 11:39 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration