Old 04-27-2017, 03:21 PM   #1
LQ Newbie
Registered: Sep 2010
Posts: 7

network access restrictions

I have a server running Debian acting as a firewall/forward/masquerade box. In order to, ah, encourage, my kids to get their homework done before frittering their time away on social media, I long ago introduced a restriction system on when their devices get network access. I use the cron daemon to schedule a script to insert and remove forwarding rules in iptables based on known MAC addresses; so during certain times of day, devices on the 'trouble' list can connect to the local network but not access the gateway.

This all works great, except for a substantial loophole. Access is granted to one device each so homework requiring internet access can be done, usually one laptop per user. I know, they can access social media through their laptops, but they do prefer their phones for this. Their phones don't have data plans. You can probably guess where this is going. My clever progeny have discovered they can make their laptops into hotspots, tether their phones, and use the laptops' access to allow social media on their phones; thus we are back to frittering, failing courses, not graduating, etc.

At last, the question: Is there some way I can prevent devices tethered to hotspotted laptops from gaining access to the internet?
Old 04-28-2017, 04:57 AM   #2
Registered: Mar 2006
Location: Czech Republic
Distribution: Gentoo, Chakra
Posts: 997
Blog Entries: 15


I assume that the hotspots perform NAT, thus routing.
One way I thought of would be to decrement the TTL of packets destined for the laptops to 1. The laptops would then receive all packets, yet wouldn't allow another routing.
Or, you could drop all outgoing packets with a TTL different from an expected value (assuming the NAT doesn't rewrite that value). Inspiration.
Inspiration 2
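
The two TTL rules suggested in the post above, written out as an added example that is not part of the original thread. The interface name `eth1`, the device list and the helper names are assumptions, the laptops are assumed to have fixed IP addresses, and matching in the mangle table's PREROUTING chain is a choice made here so the TTL is checked as received.

```shell
#!/bin/sh
# Added example, not from the thread. Prints iptables commands for review;
# pipe the output to "sh" as root to apply. All device values are constructed.
LAN_IF="${LAN_IF:-eth1}"   # assumption: LAN-facing interface of the gateway

valid_mac() { printf '%s\n' "$1" | grep -Eqi '^([0-9a-f]{2}:){5}[0-9a-f]{2}$'; }
valid_ip()  { printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'; }
valid_ttl() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 2 ] && [ "$1" -le 255 ]
}

# emit_rules ACTION: ACTION is A (append) or D (delete), so cron can add the
# rules at the start of homework time and remove the same rules afterwards.
# stdin lines: MAC IP INITIAL_TTL (typically 64 for Linux/macOS, 128 for Windows)
emit_rules() {
    case "$1" in A|D) ;; *) echo "action must be A or D" >&2; return 2 ;; esac
    while read -r mac ip ttl; do
        case "$mac" in ''|'#'*) continue ;; esac
        if ! valid_mac "$mac" || ! valid_ip "$ip" || ! valid_ttl "$ttl"; then
            echo "skipping malformed entry: $mac $ip $ttl" >&2
            continue
        fi
        # Suggestion 2: the laptop's own packets reach the gateway with their
        # initial TTL; packets it routed for a tethered phone arrive lower.
        # mangle/PREROUTING sees the TTL as received, before this box's own
        # forwarding decrement.
        printf 'iptables -t mangle -%s PREROUTING -i %s -m mac --mac-source %s -m ttl ! --ttl-eq %s -j DROP\n' \
            "$1" "$LAN_IF" "$mac" "$ttl"
        # Suggestion 1: replies reach the laptop with TTL 1, so it can accept
        # them itself but cannot forward them another hop.
        printf 'iptables -t mangle -%s POSTROUTING -o %s -d %s -j TTL --ttl-set 1\n' \
            "$1" "$LAN_IF" "$ip"
    done
}

# Constructed sample list; the last entry is malformed on purpose.
sample_devices() {
    cat <<'EOF'
# MAC             IP           TTL
02:00:00:aa:bb:01 192.168.1.50 64
02:00:00:aa:bb:02 192.168.1.51 128
not-a-mac         192.168.1.52 64
EOF
}

sample_devices | emit_rules A
```

The TTL match only helps while the laptop's NAT leaves the TTL alone, as the post notes, and the expected value has to match each laptop's operating system.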
Old 05-20-2017, 07:22 PM   #3
Registered: Jul 2003
Location: NY
Distribution: Slackware, Termux
Posts: 713

Another way to approach the problem is to have iptables filter everything outbound except for your DNS server and one port, on which listens a proxy server, and filter them like that. Privoxy is such a server, but is a bit of a beast to configure. Businesses use such things to stop people from going to non-work related sites. Then just insert/delete that iptables rule that drops everything at a certain time via your cron daemon. Privoxy might even have time-based filters now, but I'm not sure, as I've not checked on that. I just use it for Tor.

