keithdj 04-18-2006 07:50 AM

Time-based access restrictions with squid & dansguardian

I have recently (with help from these forums) got Squid and dansguardian running on a Fedora 4 Linux box.

My aim is to provide internet content & access filtering for my children.

Thus far, I have content filtering largely working and just need to tweak the configuration files etc. If anybody has any hints on cleanly allowing Hotmail whilst blocking all the MSN chat stuff, your advice will be gladly received.

However, my current aim is to restrict the hours of access. To do this, I have set the following rules in the squid.conf file.

The kids' PCs have fixed IP addresses.

acl child1 src
acl child2 src

acl child1_time time MTWHF 21:30-23:59
acl child2_time time MTWHF 20:30-23:59

http_access allow all

acl our_network src
http_access allow our_network

http_access deny child1 child1_time
http_access deny child2 child2_time

By my reasoning this should firstly allow pretty much anybody, but then deny the kids' PCs if outside the allowable time.

Now what I think is happening is that because the browsers are being pointed to dansguardian, and not squid, squid is never seeing the kids' PCs' IP addresses? If this is the case then how do I get around it, or if not, then can someone tell me what I've missed from above.
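
Added example, not part of any post in this thread: a small Python model of how Squid evaluates `http_access` lines (top-down, first matching line decides, ACLs on one line are ANDed), run against the rules as posted and against a reordered list. The IP addresses, the `localhost` rule, the sample dates and the premise that a filter on the same host reaches Squid from 127.0.0.1 are assumptions made for the illustration.

```python
from datetime import datetime
from ipaddress import ip_address, ip_network

DAYS = "MTWHFAS"  # Squid day codes for Monday..Sunday (H = Thursday, A = Saturday)

def src_acl(cidr):
    net = ip_network(cidr)
    return lambda src, now: ip_address(src) in net

def time_acl(days, span):
    start, end = span.split("-")
    return lambda src, now: (DAYS[now.weekday()] in days
                             and start <= now.strftime("%H:%M") <= end)

def http_access(rules, acls, src, now):
    """Walk the rules top-down; the first line whose ACLs ALL match decides."""
    for action, names in rules:
        if all(acls[n](src, now) for n in names):
            return action
    # No line matched: Squid applies the opposite of the last line's action.
    return "allow" if rules[-1][0] == "deny" else "deny"

# Constructed addresses; the thread does not show the real ones.
CHILD1, CHILD2, LOOPBACK = "192.168.1.11", "192.168.1.12", "127.0.0.1"
ACLS = {
    "all": src_acl("0.0.0.0/0"),
    "localhost": src_acl("127.0.0.1/32"),          # assumed rule, not in the post
    "our_network": src_acl("192.168.1.0/24"),
    "child1": src_acl(CHILD1 + "/32"),
    "child2": src_acl(CHILD2 + "/32"),
    "child1_time": time_acl("MTWHF", "21:30-23:59"),
    "child2_time": time_acl("MTWHF", "20:30-23:59"),
}
DENY_KIDS = [("deny", ["child1", "child1_time"]), ("deny", ["child2", "child2_time"])]
AS_POSTED = [("allow", ["all"]), ("allow", ["our_network"])] + DENY_KIDS
REORDERED = DENY_KIDS + [("allow", ["localhost"]), ("allow", ["our_network"]), ("deny", ["all"])]
WED_NIGHT = datetime(2006, 4, 19, 22, 0)   # constructed: Wednesday, inside both deny windows
WED_DAY = datetime(2006, 4, 19, 16, 0)     # constructed: Wednesday afternoon
SAT_NIGHT = datetime(2006, 4, 22, 22, 0)   # constructed: Saturday, not in MTWHF

def report():
    cases = [("as posted", AS_POSTED, CHILD1),
             ("reordered", REORDERED, CHILD1),
             ("reordered, via filter", REORDERED, LOOPBACK)]
    return {label: http_access(rules, ACLS, src, WED_NIGHT) for label, rules, src in cases}

if __name__ == "__main__":
    for label, verdict in report().items():
        print(f"{label:24} -> {verdict}")
```

In this model the posted order never reaches the deny lines because `allow all` matches first, and even with the deny lines moved to the top, a request that arrives from the loopback address matches neither child ACL.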


peter_robb 04-19-2006 05:41 AM

For simple time control, use iptables.
If you have the TIME module compiled already, you can do..
iptables -I INPUT -i eth~ -s -m time --timestart 21:30 -j REJECT
(Enter your appropriate eth interface)
See man iptables for more options.

If your kernel & iptables don't have this module, you will need to recompile both using patch-o-matic to add the function.

keithdj 04-19-2006 08:03 AM

Running Fedora 4, sourced from a magazine cover CD, and it doesn't appear to have the time module. I've never tried to compile modules etc. under Linux, and it is probably a bit above my head at this stage. Will keep this suggestion in mind if no one else is able to provide an easier solution. Thanks

peter_robb 04-19-2006 11:27 AM

And it's not an easy task either.. Lots can go wrong..

I'll move this to the Fedora forum and ask if anyone has a kernel already built with the iptables patches..

Does anyone have a successful kernel upgrade or links to one pls?

