Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
I'm not sure if this is the best place to post this but . . .
How would one set a limit on internet access based on time. Say the internet was only available from 9am until 11am and then 1pm until 3pm. It's summer time, and I want to make sure my kids aren't on the computer nonstop while I'm at work. Any help appreciated.
I think there's probably some commercially available system lockdown software available that will do this, but the only thing I can think of is perhaps some sort of cron job which will check to see what time it is, and if it's not between 9am-11am && it's not between 1pm-3pm && your network interface is up, bring it down (ifconfig eth0 down). Set up the job to run sufficiently frequently, and it will prevent any internet access whatsoever (and
if they figure out how to bring it up, it'll just go down again).
Another option would be to limit your browser to just one choice, say firefox (uninstall any others), and write a wrapper script which won't run the browser unless it's between the specified hours. You could make it display some sort of error message if it's not.
(I say firefox because it runs via a script rather than a binary, so you could p'bly edit it to do whatever you'd like). The problem with this is it will disallow browser access, but not IM, IRC, etc.
This'll do the trick too, if it's started as root (it's got to be run as root, actually. Users don't get access to ifconfig and dhcpcd). Plus, if it's run as root, users can't kill -9 it :-)
nineAM=`date +%s --date="09:00"`
elevenAM=`date +%s --date="11:00"`
onePM=`date +%s --date="13:00"`
threePM=`date +%s --date="15:00"`
if [[ ($now -gt $nineAM && $now -lt $elevenAM) || ($now -gt $onePM && $now -lt $threePM) ]]; then
status=`ifconfig | grep eth0`
if [ -z "$status" ]; then
ifconfig eth0 up
#restart dhcpcd too...I always have to do this
status=`ifconfig | grep eth0`
if [ -z $status ]; then
echo "eth0 is going down..."
ifconfig eth0 down
# wait 5 minutes before checking again
My cheapo D-link router does exactly what you're looking for, but I wish I could do it through my firewall instead. I have mine set so that the kids' IP addresses are blocked from internet access and AIM when they're supposed to be sleeping.
I have the same problem with two sons who want to surf instead of sleep - and I split the problem with them into two parts.
I spent a few bucks (around 25 I think) on a proprietary Windoze site filter. There are several to choose from and I think even one or two freeware ones these days... becasue this means I can be reasonably sure they are not going where they shouldn't and then the easy part is to use Ipchains on the linux gateway to do the time-clock part.
Simply configure 2 or 3 different ipchains files with different rulesets which allow some, none or all the machines (your choice) to access the internet via your linux gateway on the cable. then use good old cron to switch over from one file to another at appropriate times.
Big Son Machine
Small Son Machine
Big Son Machine
At 2000 hrs when small son should be getting ready for bed, cron switches from ruleset one to ruleset two, then at 2130 when Big son should be getting ready for bed, cron runs ipchains with ruleset three and then only mum and dad can surf the net...
The main reason I went this route is that I coldn't find a freeware linux based content filter that was 'up-to-date'. Most of the paid-for Windoze ones include regular updates with the fee so the 'banned lists' keep getting updated.
I have assumed that you have more than one machine on the home network so they might want to use the network but not surf the net...?
Hope this helps and if you need help with the ipchains config ping me here.
Distribution: Slackware / Debian / *Ubuntu / Opensuse / Solaris uname: Brian Cooney
if you want to completley deny acess to the machine, not just the internet, google logoutd.
I used it on my "little sister" and took care of her surfing/not sleeping habits over night
its a little on the brute side thou, it just kinly logs you off when your supposed to log off.... doesnt save your work, ect, but heck, her work was chatting with friends, and she quickley learned to watch the clock close to 11 and say goodby