Re: DHCP quickie
Hi
On Tue, Mar 04, 2014 at 07:32:57PM +0200, Danny wrote:
> Hi Guys,
>
> Is it possible to only give leases at a certain time of day for a certain IP or
> MAC?
>
> Say from 06:00 till 10:00 and then from 18:00 till 22:00?
Ah. Let's assume this is a residential environment. And that you want
to "help" a teenager get some sleep? :-)
(Oh well. Don't tell the victim about downloading movies to watch
later :-D Or play offline games (do teenagers know they exist?).)
If so, there are several possibilities:
- Some (many) home routers can enforce MAC access control based on
  times. Obviously such stuff is hidden down in the "advanced" menus.
  The net effect is that internet access "breaks" when the curfew
  kicks in. Very effective.
  This can be F***NG ANNOYING TO DEBUG ... if you forget about it.
- If you route all traffic through the debian box, iptables can
  enforce this. Search for "--time" on iptables's man page.
  Similar caveat as above applies.
- Switching DHCP configuration back and forth. It can be defeated by
  manually reconfiguring the victim device(s) to not use DHCP. This
  is less accurate - it only affects the device next time it
  renews/obtains a lease. So you want to make sure the lease time
  isn't e.g. > 8 hours, as this would effectively defeat the purpose
  of this... Keep the lease times short - at least for this device.
  Instead of messing about with the main dhcpd.conf, use an include
  file. But make dhcpd.conf refer to a *symlink* that you re-point at
  strategic times, combined with DHCP server restarts. Much less error
  prone than moving files about or editing them via scripts.
  To do this, I could imagine:
  * tweak to /etc/dhcpd.conf to say
      include "/etc/dhcp/curfew-host.conf";
  * A new file: /etc/dhcp/curfew-host.conf.deny :
      host limited {
          hardware ethernet 08:00:27:87:ee:5b; # Insert correct MAC address here
          option routers 192.168.0.254; # Insert unused local IP here. Must be on the same subnet as your victim.
      }
  * Two cron jobs to manipulate the symlink named
    "curfew-host.conf". We assume that the DHCP server default would
    be to grant a "working" lease, so re-pointing to the symlink would
    make the victim host "nothing special".
    * @ 06:00 and 18:00:
        cd /etc/dhcp && rm curfew-host.conf && ln -s /dev/null curfew-host.conf && service dhcpd restart
    * @ 10:00 and 20:00:
        cd /etc/dhcp && rm curfew-host.conf && ln -s curfew-host.conf.deny curfew-host.conf && service dhcpd restart
Hope this helps.
--
Karl E. Jorgensen
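An added example, not part of the original message: a variant of the symlink approach that derives the wanted state from the clock, so a cron run missed during a reboot or outage is corrected on the next run, and the link is swapped by rename so dhcpd never sees it missing. The allowed windows are the ones from the question (06:00-10:00 and 18:00-22:00); the DHCP_DIR and RESTART_CMD overrides and the "apply" argument are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: reconcile the curfew symlink with the current time
# instead of relying on every cron edge firing exactly once.
DHCP_DIR="${DHCP_DIR:-/etc/dhcp}"          # directory used in the post
LINK_NAME="curfew-host.conf"               # symlink name from the post
DENY_FILE="curfew-host.conf.deny"          # deny stanza file from the post
RESTART_CMD="${RESTART_CMD:-service dhcpd restart}"   # overridable (assumption)

# desired_target HHMM -> prints what the symlink should point to.
# Allowed windows (from the question): 06:00-10:00 and 18:00-22:00.
desired_target() {
    t=$(printf '%s' "$1" | sed 's/^0*//')  # strip leading zeros
    t=${t:-0}                              # "0000" becomes 0
    if { [ "$t" -ge 600 ] && [ "$t" -lt 1000 ]; } ||
       { [ "$t" -ge 1800 ] && [ "$t" -lt 2200 ]; }; then
        echo /dev/null                     # host is "nothing special"
    else
        echo "$DENY_FILE"                  # relative target, as in the post
    fi
}

# reconcile HHMM -> returns 0 if the link was changed, 1 if it was
# already correct, 2 if the swap failed.
reconcile() {
    want=$(desired_target "$1")
    have=$(readlink "$DHCP_DIR/$LINK_NAME" 2>/dev/null || true)
    [ "$want" = "$have" ] && return 1
    tmp="$DHCP_DIR/$LINK_NAME.new.$$"
    # Create the new link under a temporary name, then rename it over
    # the old one, so the include path always resolves.
    ln -s "$want" "$tmp" || return 2
    mv -f "$tmp" "$DHCP_DIR/$LINK_NAME" || { rm -f "$tmp"; return 2; }
}

# Only act when called as: <script> apply
if [ "${1:-}" = "apply" ]; then
    # Restart the DHCP server only when the link actually changed.
    if reconcile "$(date +%H%M)"; then
        $RESTART_CMD
    fi
fi
```

Run it from cron every few minutes with the "apply" argument; the short lease time recommended above still decides how quickly the device notices the change.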