Re: Limiting internet access by time

To: debian-user@lists.debian.org
Subject: Re: Limiting internet access by time
From: Mark Fletcher <mark27q1@gmail.com>
Date: Mon, 08 Aug 2016 00:03:25 +0000
Message-id: <[🔎] CAH6Gj5HUxfs1zVOCrh7ycfNp9mjNO7D7LohDmstzDO2+g1y1Gw@mail.gmail.com>
In-reply-to: <[🔎] 07082016190949.acb4ca7038a2@desktop.copernicus.demon.co.uk>
References: <[🔎] CAH6Gj5EXN8aVx=qL8swrQz-HkyzYsPN0gvU_oTkWYGNi+LX37g@mail.gmail.com> <[🔎] 05082016111455.79de7370e1f3@desktop.copernicus.demon.co.uk> <[🔎] 201608051200.28572.lisi.reisz@gmail.com> <[🔎] 20160805140347.GA29274@copernicus.demon.co.uk> <[🔎] CAH6Gj5Hn9eYsrUSjNLxKHfgCcEbd2G-06fAgG6vboS_ZikS78Q@mail.gmail.com> <[🔎] 20160805174854.GF13077@newtao.randomstring.org> <[🔎] CAH6Gj5Ey9msqEe0pLLb6Kg3UTT3+QYa1veVG_YS9Q5_3B=WyAA@mail.gmail.com> <[🔎] 20160807005737.GG13077@newtao.randomstring.org> <[🔎] CAH6Gj5Ew5m1V70g-AYWc540RBimvLGEeuyvx0u816_vtK9iPRA@mail.gmail.com> <[🔎] 07082016190949.acb4ca7038a2@desktop.copernicus.demon.co.uk>

On Mon, 8 Aug 2016 at 03:15, Brian <ad44@cityscape.co.uk> wrote:

On Sun 07 Aug 2016 at 03:32:00 +0000, Mark Fletcher wrote:

> In the end I got what I needed by using Lars' pointer of the iptables
> extensions. I copied the iptables systemd service unit from my LFS box to
> the machine in question, and then created a script in /etc/systemd/scripts
> that first sets the iptables output chain policy to DROP, then adds these
> rules:
>
> iptables -A OUTPUT -m time --starttime 00:00 --stoptime 12:00 -j ACCEPT
> iptables -A OUTPUT -d 192.168.11.0/24 -j ACCEPT

Would being able to alter UTC from the BIOS be reckoned to be a strong
technical skill? And, more to the point, would it work in your situation?

I don't think it would since ntp would just change it back on boot. 

Now, telling Linux that the bios clock isn't utc -- now that would eff things up. But if he gets the access he'd need to do that all bets are off anyway as he could just change the firewall rules. 

Mark

Reply to:

References:
- Limiting internet access by time
  - From: Mark Fletcher <mark27q1@gmail.com>
- Re: Limiting internet access by time
  - From: Brian <ad44@cityscape.co.uk>
- Re: Limiting internet access by time
  - From: Lisi Reisz <lisi.reisz@gmail.com>
- Re: Limiting internet access by time
  - From: Brian <ad44@cityscape.co.uk>
- Re: Limiting internet access by time
  - From: Mark Fletcher <mark27q1@gmail.com>
- Re: Limiting internet access by time
  - From: Dan Ritter <dsr@randomstring.org>
- Re: Limiting internet access by time
  - From: Mark Fletcher <mark27q1@gmail.com>
- Re: Limiting internet access by time
  - From: Dan Ritter <dsr@randomstring.org>
- Re: Limiting internet access by time
  - From: Mark Fletcher <mark27q1@gmail.com>
- Re: Limiting internet access by time
  - From: Brian <ad44@cityscape.co.uk>

Prev by Date: Re: Limiting internet access by time
Next by Date: Re: lost sound upgrading to Jessie
Previous by thread: Re: Limiting internet access by time
Next by thread: Re: Limiting internet access by time
Index(es):
- Date
- Thread