LinuxQuestions.org
Old 04-21-2005, 12:46 AM   #1
dark_bringer
LQ Newbie
 
Registered: Apr 2005
Posts: 4

Rep: Reputation: 0
Question Inter Access Limit Schedule


I have a question regarding limiting internet access during specific times.
So far I only use squid ACLs, but as far as I can see that can only limit browsing access; other things like chat programs can still get access.
I tried using configuration in rc; with that I can block it, but I could not find a way to schedule it.
So the point is:
08.00 - 11.30 email only
11.30 - 13.30 internet free use
13.30 - 17.00 email only
17.00 - 08.00 internet free use

Can anyone tell me or direct me to some link?

Thank you
 
Old 04-21-2005, 09:26 AM   #2
Oliv'
Senior Member
 
Registered: Jan 2004
Location: Montpellier (France)
Distribution: Gentoo
Posts: 1,014

Rep: Reputation: 36
Hello,

For the HTTP/FTP protocols (internet), use squid + ACL to restrict access.
For other protocols (POP/SMTP/IMAP/MSN...), use a cron job which will dynamically change your iptables rules and deny the corresponding ports.
 
Old 04-22-2005, 12:17 AM   #3
dark_bringer
LQ Newbie
 
Registered: Apr 2005
Posts: 4

Original Poster
Rep: Reputation: 0
Thanks for the reply. I am still searching the net for more detail about cron jobs.
Another question, please: ^ ^

Here is roughly my cron job:

* 08-12 * * 1-5 root run-parts /etc/schedule_access
* 14-17 * * 1-5 root run-parts /etc/schedule_access
* 09-12 * * 6 root run-parts /etc/schedule_access
* 14-16 * * 6 root run-parts /etc/schedule_access

and in /etc/schedule_access I put these commands:

iptables -I FORWARD -p all -i eth1 -s 192.168.2.219/32 -o eth0 --dport 1:24 -j drop
iptables -I FORWARD -p all -i eth1 -s 192.168.2.219/32 -o eth0 --dport 27:109 -j drop
iptables -I FORWARD -p all -i eth1 -s 192.168.2.219/32 -o eth0 --dport 111-65535 -j drop

Would commands like the above work to limit all access except email?
 
Old 04-22-2005, 08:17 AM   #4
Oliv'
Senior Member
 
Registered: Jan 2004
Location: Montpellier (France)
Distribution: Gentoo
Posts: 1,014

Rep: Reputation: 36
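According to me, the best and easiest solution to do that is to deny all and then accept connections for ports 25 and 110...
so it should be something like this:
Code:
# FORWARD is assumed, as in the rules from post #3. The ACCEPT rules are inserted
# (-I) so they are checked before the appended REJECT; the last one lets replies back.
iptables -A FORWARD -p tcp -j REJECT --reject-with tcp-reset # deny all TCP
iptables -I FORWARD -p tcp --dport 25 -m state --state NEW,ESTABLISHED -j ACCEPT # SMTP
iptables -I FORWARD -p tcp --dport 110 -m state --state NEW,ESTABLISHED -j ACCEPT # POP3
iptables -I FORWARD -p tcp -m multiport --sports 25,110 -m state --state ESTABLISHED -j ACCEPT
Another thing: you have to run a cron job at 8:00 to deny all except mail and another one at 12:00 to re-enable the initial state (the state before 8:00), and the same thing for 14:00 and 17:00.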
 
Old 04-24-2005, 11:00 PM   #5
dark_bringer
LQ Newbie
 
Registered: Apr 2005
Posts: 4

Original Poster
Rep: Reputation: 0
But I want some IPs (my boss wanted this) to be free to access at any time.
With the code you gave me, it will block all access during the specific time.
That is why I am still confused about how to block a range of IPs. As far as I know I must declare them one by one, and there are so many IPs to declare.
I use 2 IP sections, 10.10.1.xxx and 192.168.2.xxx. This will be a problem if I must declare them one by one.
 
Old 04-26-2005, 10:17 AM   #6
Oliv'
Senior Member
 
Registered: Jan 2004
Location: Montpellier (France)
Distribution: Gentoo
Posts: 1,014

Rep: Reputation: 36
Well, if all denied addresses are on the same sub-network, use the -s option with a netmask; otherwise you have to use a bash script.
For example, create a file with the denied IPs and do:
Code:
#!/bin/bash

# Drop traffic from every address listed, one per line, in deny_ips.txt
if [ -f deny_ips.txt ]
then
        for DENY_IP in $(cat deny_ips.txt)
        do
                iptables -A INPUT -s "$DENY_IP" -j DROP
        done
else
        echo "Can't read deny_ips.txt"
fi
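
Added example, not code from any poster in this thread: one way to combine the advice in posts #4 and #6, with a cron job at each boundary of the timetable from post #1 and source matching by netmask plus a short list of exempt addresses. The chain name SCHED, the script path, the exempt address and the /24 masks are assumptions; the script prints the iptables commands and only runs them when called with `apply`.

```shell
#!/bin/sh
# Added example: build the iptables commands for one mode of the schedule.
CHAIN=SCHED                              # assumed name for a dedicated chain
LAN_IF=eth1                              # LAN-side interface, as in post #3
SUBNETS="10.10.1.0/24 192.168.2.0/24"    # the two ranges from post #5 (/24 assumed)
EXEMPT="192.168.2.10"                    # constructed: hosts that are never limited
MAIL_PORTS="25 110"                      # SMTP and POP3, as in post #4
# Assumes LAN clients resolve DNS through the gateway itself (not forwarded).

build_rules() {   # $1 = restrict | open
    # The chain is flushed on every run, so repeated cron runs never pile up
    # duplicate rules, and "open" simply leaves the chain empty.
    echo "iptables -N $CHAIN 2>/dev/null || true"
    echo "iptables -F $CHAIN"
    echo "iptables -C FORWARD -i $LAN_IF -j $CHAIN 2>/dev/null || iptables -I FORWARD -i $LAN_IF -j $CHAIN"
    [ "$1" = restrict ] || return 0
    for ip in $EXEMPT; do                # exempt hosts leave the chain first
        echo "iptables -A $CHAIN -s $ip -j RETURN"
    done
    for net in $SUBNETS; do
        for port in $MAIL_PORTS; do      # mail is handed back to FORWARD
            echo "iptables -A $CHAIN -s $net -p tcp --dport $port -j RETURN"
        done
        echo "iptables -A $CHAIN -s $net -j REJECT"   # everything else
    done
}

# Usage: schedule_access.sh restrict|open [apply]
case "${1:-}" in
    restrict|open)
        if [ "${2:-}" = apply ]; then
            build_rules "$1" | sh        # needs root
        else
            build_rules "$1"             # dry run: print only
        fi ;;
esac

# Constructed /etc/crontab lines, one run per boundary of the timetable:
#  0  8 * * * root /usr/local/sbin/schedule_access.sh restrict apply
# 30 11 * * * root /usr/local/sbin/schedule_access.sh open apply
# 30 13 * * * root /usr/local/sbin/schedule_access.sh restrict apply
#  0 17 * * * root /usr/local/sbin/schedule_access.sh open apply
```

Because the chain only sees packets arriving on the LAN interface, reply traffic is unaffected, and connections opened before 08.00 to other ports are cut off at the boundary as well.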
 
Old 04-28-2005, 10:01 PM   #7
dark_bringer
LQ Newbie
 
Registered: Apr 2005
Posts: 4

Original Poster
Rep: Reputation: 0
OK, thanks.
I will give it a try.
 
All times are GMT -5.