LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)
-   -   setting time limit on internet (https://www.linuxquestions.org/questions/linux-security-4/setting-time-limit-on-internet-333869/)

exalted 06-15-2005 10:20 AM
setting time limit on internet
 
I'm not sure if this is the best place to post this but . . .
How would one set a limit on internet access based on time. Say the internet was only available from 9am until 11am and then 1pm until 3pm. It's summer time, and I want to make sure my kids aren't on the computer nonstop while I'm at work. Any help appreciated.

rose_bud4201 06-15-2005 01:28 PM
I think there's probably some commercially available system lockdown software available that will do this, but the only thing I can think of is perhaps some sort of cron job which will check to see what time it is, and if it's not between 9am-11am && it's not between 1pm-3pm && your network interface is up, bring it down (ifconfig eth0 down). Set up the job to run sufficiently frequently, and it will prevent any internet access whatsoever (and
if they figure out how to bring it up, it'll just go down again).
Another option would be to limit your browser to just one choice, say firefox (uninstall any others), and write a wrapper script which won't run the browser unless it's between the specified hours. You could make it display some sort of error message if it's not.
(I say firefox because it runs via a script rather than a binary, so you could p'bly edit it to do whatever you'd like). The problem with this is it will disallow browser access, but not IM, IRC, etc.

Dunno...just some ideas :)

rose_bud4201 06-15-2005 02:48 PM
Sorry, I'm truly bored at work today...

This'll do the trick too, if it's started as root (it's got to be run as root, actually. Users don't get access to ifconfig and dhcpcd). Plus, if it's run as root, users can't kill -9 it :-)

Code:
#!/bin/bash


while(true); do
    nineAM=`date +%s --date="09:00"`
    elevenAM=`date +%s --date="11:00"`
    onePM=`date +%s --date="13:00"`
    threePM=`date +%s --date="15:00"`

    now=`date +%s`

    if [[ ($now -gt $nineAM && $now -lt $elevenAM) || ($now -gt $onePM && $now -lt $threePM) ]]; then
        status=`ifconfig | grep eth0`
        if [ -z "$status" ]; then
            ifconfig eth0 up
            #restart dhcpcd too...I always have to do this
            dhcpcd -k
            dhcpcd
        fi
    else
        status=`ifconfig | grep eth0`
        if [ -z $status ]; then
            #nothing
        else
            echo "eth0 is going down..."
            ifconfig eth0 down
        fi
    fi

    # wait 5 minutes before checking again
    sleep 300;
done

Imanerd 06-15-2005 04:02 PM
My cheapo D-link router does exactly what you're looking for, but I wish I could do it through my firewall instead. I have mine set so that the kids' IP addresses are blocked from internet access and AIM when they're supposed to be sleeping. ;)

jayakrishnan 06-17-2005 05:01 PM
I think SQUID proxy might help here

exalted 06-18-2005 12:16 PM
Quote:
Originally posted by rose_bud4201
Sorry, I'm truly bored at work today...

This'll do the trick too, if it's started as root (it's got to be run as root, actually. Users don't get access to ifconfig and dhcpcd). Plus, if it's run as root, users can't kill -9 it :-)
I know how that is! Thanks a lot! I'll give this a try on Monday and see how grumpy my kids are when I get home ;)

nickbunyan 07-06-2005 04:19 PM
Use the ipchains bit if you have home network...
 
I have the same problem with two sons who want to surf instead of sleep - and I split the problem with them into two parts.

I spent a few bucks (around 25 I think) on a proprietary Windoze site filter. There are several to choose from and I think even one or two freeware ones these days... becasue this means I can be reasonably sure they are not going where they shouldn't and then the easy part is to use Ipchains on the linux gateway to do the time-clock part.

Simply configure 2 or 3 different ipchains files with different rulesets which allow some, none or all the machines (your choice) to access the internet via your linux gateway on the cable. then use good old cron to switch over from one file to another at appropriate times.

E.g.

Ruleset one
Dads Machine
Mums Machine
Big Son Machine
Small Son Machine

Ruleset two
Dads Machine
Mums Machine
Big Son Machine

Ruleset three
Dads machine
Mums Machine


At 2000 hrs when small son should be getting ready for bed, cron switches from ruleset one to ruleset two, then at 2130 when Big son should be getting ready for bed, cron runs ipchains with ruleset three and then only mum and dad can surf the net...

The main reason I went this route is that I coldn't find a freeware linux based content filter that was 'up-to-date'. Most of the paid-for Windoze ones include regular updates with the fee so the 'banned lists' keep getting updated.

I have assumed that you have more than one machine on the home network so they might want to use the network but not surf the net...?

Hope this helps and if you need help with the ipchains config ping me here.

nickbunyan

Kahless 07-07-2005 02:53 AM
if you want to completley deny acess to the machine, not just the internet, google logoutd.

I used it on my "little sister" and took care of her surfing/not sleeping habits over night :)


its a little on the brute side thou, it just kinly logs you off when your supposed to log off.... doesnt save your work, ect, but heck, her work was chatting with friends, and she quickley learned to watch the clock close to 11 and say goodby :p


All times are GMT -5. The time now is 11:57 PM.