Yes, an AIF plugin would be the way to do this.
An alternative quick and dirty method would be to add something like this to
the AIF custom-rules script:
-- /mnt/kd/arno-iptables-firewall/custom-rules --
# Put any custom (iptables) rules here down below:
##################################################
unset IFS
for shost in 0/0; do
echo "[CUSTOM RULE] Deny LAN->EXT for '$shost' traffic from 7:00 pm to 7:00
am"
iptables -A LAN_INET_FORWARD_CHAIN -s $shost -m time \
--timestart 00:00:00 --timestop 07:00:00 \
--weekdays Mon,Tue,Wed,Thu,Fri,Sat,Sun --kerneltz \
-j DROP
iptables -A LAN_INET_FORWARD_CHAIN -s $shost -m time \
--timestart 19:00:00 --timestop 23:59:59 \
--weekdays Mon,Tue,Wed,Thu,Fri,Sat,Sun --kerneltz \
-j DROP
done
--
This would block *all* traffic from any LAN interface to the outside world for
the times specified.
Replace 0/0 with a space separated list of LAN IP's or CIDR's for more
refinement.
Be sure to test, have fun. :-)
Lonnie
On Sep 14, 2012, at 10:06 AM, David Kerr wrote:
> Sounds like a great idea for a firewall plugin. Doesn't the adaptive ban
> firewall run a script that wakes up every 90 seconds or so and check for bad
> things? You could create a plugin script like that wakes up every 5 minutes
> say, checks for rules to add or remove, does it thing and goes back to sleep.
> GUI interface could be limited to editing a firewall plugin conf file.
> Hardest part is probably designing a syntax for the conf file.
>
> David
>
>
> On Fri, Sep 14, 2012 at 10:32 AM, Graham S. Jarvis <gsjar...@pt.lu> wrote:
> Hello All,
>
> I've been working on this for a while and have a very crude system working
> with
> cron job scripts creating various dnsmasq.static files and restarting dnsmasq,
> but I think there has to be a better way and one that can be made part of the
> GUI.
>
> There was some discussion (Lonnie) about trying to get something built into
> Arno's firewall but I don't think it went far....
>
> What's needed is an easy way to stop certain PC's on the network getting out
> to
> the Internet at certain times of the day/week/month but to still allow them
> access to local storage/print services.
>
> All ideas gratefully received!
>
> -Graham-
>
> ------------------------------------------------------------------------------
> Got visibility?
> Most devs has no idea what their production app looks like.
> Find out how fast your code is with AppDynamics Lite.
> http://ad.doubleclick.net/clk;262219671;13503038;y?
> http://info.appdynamics.com/FreeJavaPerformanceDownload.html
> _______________________________________________
> Astlinux-users mailing list
> Astlinux-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/astlinux-users
>
> Donations to support AstLinux are graciously accepted via PayPal to
> pay...@krisk.org.
>
> ------------------------------------------------------------------------------
> Got visibility?
> Most devs has no idea what their production app looks like.
> Find out how fast your code is with AppDynamics Lite.
> http://ad.doubleclick.net/clk;262219671;13503038;y?
> http://info.appdynamics.com/FreeJavaPerformanceDownload.html_______________________________________________
> Astlinux-users mailing list
> Astlinux-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/astlinux-users
>
> Donations to support AstLinux are graciously accepted via PayPal to
> pay...@krisk.org.
------------------------------------------------------------------------------
Got visibility?
Most devs has no idea what their production app looks like.
Find out how fast your code is with AppDynamics Lite.
http://ad.doubleclick.net/clk;262219671;13503038;y?
http://info.appdynamics.com/FreeJavaPerformanceDownload.html
_______________________________________________
Astlinux-users mailing list
Astlinux-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/astlinux-users
Donations to support AstLinux are graciously accepted via PayPal to
pay...@krisk.org.
