Hi Kirk, Hi Peter,

Thank you both for your quick and inspiring answers. I think I will first try setting up a table and continue with scripting around pfctl -vt tablename -T show as proposed by both of you. If I run into problems I will have a go at the solution with labels.

Yours,
Sebastian

PS: @ Peter: your book is amazing. If I hadn't purchased it already I would have asked for a signed copy :-)

S.

----------------Original message-----------------
From: "Kirk Ismay" k...@ismay.ca
To: "Sebastian Singer" sebastian.sin...@kesslar.de
Cc: "pf benzedrine.cx"
Date: Fri, 12 Apr 2013 10:23:47 -0700
-------------------------------------------------

> On 2013-04-12 1:34 AM, Sebastian Singer wrote:
>>
>> Just one thing: Please stick to the technical focus of the question.
>> Educational advice need not be given as I have received enough of it
>> in the past already. And as far as I have seen and heard I am not the
>> only father having to deal with these kinds of problems. Thank you.
> Sebastian,
>
> On our family Windows box, I use this to limit the time on the computer
> and ensure fair use:
> http://www.timesupkidz.com/
>
> It can be set to allow 1/2 hour of use and force a 15 minute break, for
> example. It also has time of day restrictions. You mention WoW and
> Minecraft, so Windows use is a fair assumption here.
>
> To use PF to enforce restrictions, you could have Cron update a PF table
> and add or remove all the IPs (the Xbox, tablet, Windows box, etc.)
> based on the time of day. Once you've got the table in place, you can
> either do blocking rules (no access to WoW server for IPs in the table),
> or altq rules (throttle access to a list of IPs from the table).
>
> A shell/perl/whatever script run from cron could also be used to parse &
> tally data used by IP from PF. Assuming you have a table called
> internal listing all your IPs on your LAN, the following command shows
> how much data has been used per IP:
>
> pfctl -v -t internal -Tshow
>    192.168.1.12
>     Cleared:     Fri Apr 12 08:13:16 2013
>     In/Block:    [ Packets: 0       Bytes: 0       ]
>     In/Pass:     [ Packets: 125     Bytes: 9395    ]
>     Out/Block:   [ Packets: 0       Bytes: 0       ]
>     Out/Pass:    [ Packets: 91      Bytes: 6460    ]
>
>
> AuthPF can be used to further alter pf rules, requiring your son to log
> in to the gateway using ssh:
> http://www.openbsd.org/faq/pf/authpf.html
>
> PuTTY for Windows has an ssh-agent, so it should be possible to quietly
> log him in to the gateway from his Windows account by adding it to his
> startup folder. Look at plink and pageant commands
> http://the.earth.li/~sgtatham/putty/
>
> Hope that helps.
>
> ~ Kirk
> --
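
The parse-and-tally script discussed in this thread, as an added example (not code from either poster): it reads the output of pfctl -v -t internal -Tshow and reports passed bytes per address, plus the addresses over a quota. The function names, the second sample address and the quota value are assumptions made for the example.

```sh
#!/bin/sh
# Added example: tally passed bytes per address from
# `pfctl -v -t <table> -T show` output read on stdin.

# Constructed sample in pfctl's layout. The first entry carries the numbers
# quoted in the thread; the second entry is invented for this example.
sample_output() {
cat <<'EOF'
   192.168.1.12
    Cleared:     Fri Apr 12 08:13:16 2013
    In/Block:    [ Packets: 0       Bytes: 0        ]
    In/Pass:     [ Packets: 125     Bytes: 9395     ]
    Out/Block:   [ Packets: 0       Bytes: 0        ]
    Out/Pass:    [ Packets: 91      Bytes: 6460     ]
   192.168.1.20
    Cleared:     Fri Apr 12 08:13:16 2013
    In/Block:    [ Packets: 3       Bytes: 180      ]
    In/Pass:     [ Packets: 4000    Bytes: 5200000  ]
    Out/Block:   [ Packets: 0       Bytes: 0        ]
    Out/Pass:    [ Packets: 2100    Bytes: 310000   ]
EOF
}

# Prints "address passed_bytes" for every table entry, in table order.
table_usage() {
    awk '
        # A line with a single field is the address that opens an entry.
        NF == 1 { addr = $1; order[++n] = addr; bytes[addr] = 0; next }
        # Counter line: "<dir>/<action>: [ Packets: N Bytes: N ]".
        # Only passed traffic counts as usage; blocked bytes never got through.
        addr != "" && ($1 == "In/Pass:" || $1 == "Out/Pass:") {
            for (i = 2; i < NF; i++)
                if ($i == "Bytes:") bytes[addr] += $(i + 1)
        }
        # %.0f instead of %d: some awks clamp %d to 32 bits, byte counters do not.
        END { for (i = 1; i <= n; i++) printf "%s %.0f\n", order[i], bytes[order[i]] }
    '
}

# Prints the addresses whose passed bytes since "Cleared" exceed quota $1.
over_quota() {
    table_usage | awk -v quota="$1" '$2 + 0 > quota + 0 { print $1 }'
}

# Demo on the sample; on the gateway, pipe the real pfctl output in instead.
sample_output | over_quota 1000000
```

From cron on the gateway the input would be the live command, for instance pfctl -v -t internal -Tshow | over_quota 1000000, and the totals run from each entry's Cleared timestamp.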