
Re: Limiting internet access by time



On Fri 05 Aug 2016 at 20:02:58 +0100, Brian wrote:

> On Fri 05 Aug 2016 at 13:48:54 -0400, Dan Ritter wrote:
> 
> > I have a new suggestion, based on this.
> > 
> > Do all the filtering on your LFS box.
> > 
> > Match your kid's machine by MAC address.
> > 
> > Write two tiny scripts:
> > 
> > #!/bin/sh
> > iptables -D FORWARD -m mac --mac-source 58:63:1a:af:71:72 -j DROP
> > 
> > 
> > #!/bin/sh
> > iptables -I FORWARD -m mac --mac-source 58:63:1a:af:71:72 -j DROP
> > 
> > (substituting in the appropriate MAC address for the machine, of
> > course)
> > 
> > and run the first one at 9 PM to disable internet access, and
> > run the second one at 8 AM or whatever to re-enable it. Cron is
> > your friend.
> 
> For this particular situation (LFS=Linux From Scratch?) this does appear
> to be the easiest (less work) and most obvious solution.

But not foolproof. As was said earlier:

 > If I leave a hole in this that can be exploited without strong
 > technical skills, I'm confident he'll find it...

Wicd and network-manager are popular, so one of them could be on the
system. Someone in possession of a USB wireless adapter can plug it in
or use it to replace the existing one. Either piece of software can be
used to configure the new interface. This interface has a MAC address
unknown to the LFS box. The interface name can be found with 'ip link'
so a default route can still be controlled.

No wicd and network-manager on the machine? No problem; a USB stick with
Debian on it and a reboot solves that. Plus it could be used for MAC
spoofing. :)
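
The cron-driven MAC rule quoted above, written as one idempotent script; this is an added example, not code posted by anyone in the thread. The script path in the crontab lines and the IPTABLES override variable are assumptions, and the MAC is the sample address from the quoted scripts. It still matches a single address, so it does nothing about the changed-MAC cases described in this message.

```shell
#!/bin/sh
# Added example: idempotent block/unblock of one MAC on the FORWARD chain.
# -I inserts the DROP rule (access off); -D deletes it (access on).
MAC="${MAC:-58:63:1a:af:71:72}"      # sample address from the thread
IPTABLES="${IPTABLES:-iptables}"     # override is an assumption, used for dry runs

rule_present() {
    # -C checks whether an identical rule already exists in the chain.
    $IPTABLES -C FORWARD -m mac --mac-source "$MAC" -j DROP 2>/dev/null
}

block() {
    # Insert only if missing, so repeated cron runs do not stack duplicates.
    rule_present || $IPTABLES -I FORWARD -m mac --mac-source "$MAC" -j DROP
}

unblock() {
    # A single -D removes only one matching rule; loop until none remain.
    while rule_present; do
        $IPTABLES -D FORWARD -m mac --mac-source "$MAC" -j DROP || return 1
    done
}

case "${1:-}" in
    block)   block ;;
    unblock) unblock ;;
    status)  if rule_present; then echo blocked; else echo open; fi ;;
esac

# crontab entries for root (script path is a placeholder):
#   0 21 * * * /usr/local/sbin/netcurfew block
#   0 8  * * * /usr/local/sbin/netcurfew unblock
```
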

