Julio Gutierrez wrote:

>hi all you all know that when I posted is because I needed help getting that
>information about keeping the users off the net, not for smart remarks about
>doing something evil to these users, I wanna do it just because sometimes
>they "mis-use" their internet connection, I don't totally wanna kick them
>off, just restrict certain usage @ sometimes during the day...so if you guys
>don't have any information regarding this issues please don't post any
>remarkful or sarcastic messages, you're just wasting bandwidth &
>webspace.....
>
>Thanks
>
>Julio
>
>------------------------------------------------------------------------
>
>Want to buy your Pack or Services from MandrakeSoft?
>Go to http://www.mandrakestore.com

If you want to keep users off the internet part of the day, use iptables.
Write one script to DROP input from the IP address of the closed machine.

Write one script to clear that rule.

Now set up cron jobs to call the blocker script at the beginning of the time you want to prohibit access (or times--cron is very flexible) and other jobs to clear the blocker when you want to permit access.

You will need to experiment with the iptables rules a little, but look in http://www.linuxdoc.org/LDP/nag2/x-087-2-firewall.future.html for some examples.

Something like

    iptables -A INPUT -s useripaddress -j DROP

would chop them off the net....

For the restore script we need something a little more refined. First do

    iptables -L INPUT

to get a list of rules in effect, then make a script implementing all of those rules and head it with a Flush:

    iptables -F INPUT
    input rules...
    input rules ....

This restores the rules without the DROP.

Basically you have closed all services from the gateway with that drop. You could allow local services from the gateway (including mail from the internet if you have the mailserver there) and still close internet access by putting the DROP in the forwarding chain instead

    iptables -A FORWARD -s useripaddress -j DROP

but the forwarding list is likely to be more complicated.

Anyway, one rule for each cut off user is one way to do it--another is one rule for an address range, and then stick the abusing users in that address range. Either way, doing it this way is best based on static addresses, not the dhcp supplied in the default gateway setup.

In other words, this will require some study and tinkering--none of the standard tools will do quite what you want.

Civileme
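The block/unblock pair and cron schedule described in the reply, as an added example that is not part of the original message. It deletes the one DROP rule with `-D` instead of flushing and rebuilding the chain, and inserts at the top of FORWARD instead of appending; the script name, install path, address 192.168.1.50 and times are constructed, and an iptables that supports `-C` is assumed.

```shell
#!/bin/sh
# netblock.sh (hypothetical name): cut one static LAN address off from
# forwarding, or restore it. Usage: netblock.sh block|unblock ADDRESS
#
# Constructed root crontab entries, blocking 192.168.1.50 on weekdays 09:00-12:00:
#   0 9  * * 1-5  /usr/local/sbin/netblock.sh block   192.168.1.50
#   0 12 * * 1-5  /usr/local/sbin/netblock.sh unblock 192.168.1.50

IPT=${IPT:-iptables}      # name or path of the iptables binary
CHAIN=${CHAIN:-FORWARD}   # FORWARD keeps the gateway's own services reachable

# Accept only a dotted-quad IPv4 address so a typo in cron never reaches iptables.
valid_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

block_user() {
    valid_ipv4 "$1" || { echo "bad address: $1" >&2; return 2; }
    # -C tests for an identical rule, so repeated cron runs do not stack duplicates.
    # -I ... 1 puts the DROP ahead of any ACCEPT already in the chain.
    $IPT -C "$CHAIN" -s "$1" -j DROP 2>/dev/null ||
        $IPT -I "$CHAIN" 1 -s "$1" -j DROP
}

unblock_user() {
    valid_ipv4 "$1" || { echo "bad address: $1" >&2; return 2; }
    # Delete every copy of this one rule; the rest of the chain is untouched.
    while $IPT -C "$CHAIN" -s "$1" -j DROP 2>/dev/null; do
        $IPT -D "$CHAIN" -s "$1" -j DROP || return 1
    done
}

main() {
    case "$1" in
        block)   block_user "$2" ;;
        unblock) unblock_user "$2" ;;
        *) echo "usage: $0 block|unblock ADDRESS" >&2; return 64 ;;
    esac
}

# Dispatch only when called with arguments, so the file can also be sourced.
[ "$#" -eq 0 ] || main "$@"
```

Setting `CHAIN=INPUT` in the environment gives the first variant from the reply, which also closes the gateway's own services to that address.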
