
Re: DHCP quickie



Hi

On Tue, Mar 04, 2014 at 07:32:57PM +0200, Danny wrote:
> Hi Guys,
> 
> Is it possible to only give leases at a certain time of day for a certain IP or
> MAC?
> 
> Say from 06:00 till 10:00 and then from 18:00 till 22:00?

Ah. Let's assume this is a residential environment. And that you want
to "help" a teenager get some sleep?  :-)

( Oh well.  Don't tell the victim about downloading movies to watch
later :-D  Or play offline games (do teenagers know they exist?). )

If so, there are several possibilities:

- Some (many) home routers can enforce MAC access control based on
  times.  Obviously such stuff is hidden down in the "advanced" menus.
  The net effect is that internet access "breaks" when the curfew
  kicks in. Very effective.

  This can be F***NG ANNOYING TO DEBUG ... if you forget about it.

- If you route all traffic through the debian box, iptables can
  enforce this.  Search for "--time" on iptables's man page.

  Similar caveat as above applies.

- Switching DHCP configuration back and forth.  It can be defeated by
  manually reconfiguring the victim device(s) to not use DHCP.  This
  is less accurate - it only affects the device next time it
  renews/obtains a lease.  So you want to make sure the lease time
  isn't e.g. > 8 hours, as this would effectively defeat the purpose
  of this... Keep the lease times short - at least for this device.

  Instead of messing about with the main dhcpd.conf, use an include
  file.  But make dhcpd.conf refer to a *symlink* that you re-point at
  strategic times, combined with DHCP server restarts. Much less error
  prone than moving files about or editing them via scripts.

  To do this, I could imagine:

  * tweak to /etc/dhcpd.conf to say 

      include "/etc/dhcp/curfew-host.conf";

  * A new file: /etc/dhcp/curfew-host.conf.deny :

      host limited {
          hardware ethernet 08:00:27:87:ee:5b;  # Insert correct MAC address here
          option routers 192.168.0.254; # Insert unused local IP here. Must be on the same subnet as your victim.
      }
       
  * Two cron jobs to manipulate the symlink named
    "curfew-host.conf". We assume that the DHCP server default would
    be to grant a "working" lease, so re-pointing to the symlink would
    make the victim host "nothing special".

     * @ 06:00 and 18:00:
         cd /etc/dhcp && rm curfew-host.conf && ln -s /dev/null curfew-host.conf && service dhcpd restart

     * @ 10:00 and 20:00:
         cd /etc/dhcp && rm curfew-host.conf && ln -s curfew-host.conf.deny curfew-host.conf && service dhcpd restart


Hope this helps.
-- 
Karl E. Jorgensen
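
Added example, not part of the message above: one idempotent script that cron could call in place of the two one-liners, so the symlink is also put right after a reboot that missed a cron slot, and the DHCP server is restarted only when the link actually changes. The allowed windows (06:00-10:00 and 18:00-22:00) are taken from the original question; `DHCP_DIR`, `RESTART_CMD` and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: idempotent curfew switch for the symlinked include file.
# Assumed: allowed windows 06:00-10:00 and 18:00-22:00 (from the question);
# DHCP_DIR and RESTART_CMD are hypothetical knobs of this example.
DHCP_DIR="${DHCP_DIR:-/etc/dhcp}"
RESTART_CMD="${RESTART_CMD:-service dhcpd restart}"

# Print the include target that should be active at time HHMM (e.g. 0730).
wanted_target() {
    hhmm=$(echo "$1" | sed 's/^0*//'); hhmm=${hhmm:-0}
    if { [ "$hhmm" -ge 600 ] && [ "$hhmm" -lt 1000 ]; } ||
       { [ "$hhmm" -ge 1800 ] && [ "$hhmm" -lt 2200 ]; }; then
        echo /dev/null                  # inside a window: no special host entry
    else
        echo curfew-host.conf.deny      # curfew: the host entry with the dead-end router
    fi
}

# Re-point the symlink if it differs from $1.
# Returns 0 if it was changed, non-zero if already correct or on error.
repoint() {
    link="$DHCP_DIR/curfew-host.conf"
    [ "$(readlink "$link" 2>/dev/null)" = "$1" ] && return 1
    # Build the new link beside the old one, then rename over it, so the
    # include path never disappears while dhcpd might be reading it.
    ln -sfn "$1" "$link.new" && mv -f "$link.new" "$link"
}

# Bring the link in line with the given (or current) time; restart on change.
apply_curfew() {
    if repoint "$(wanted_target "${1:-$(date +%H%M)}")"; then
        $RESTART_CMD
    fi
}

# Call as "<script> apply" from cron at each boundary and once at boot.
if [ "${1:-}" = "apply" ]; then apply_curfew; fi
```

As the message notes, the change only reaches the device at its next lease renewal, so the short lease time still matters.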

