On Sun, 6 Jul 2008, Daniel Staal wrote:

> --As of July 5, 2008 10:43:48 PM -0400, Woodchuck is alleged to have said:
> 
> > What would be wrong with just adding a pair of rules:
> > 
> > block drop quick from any to 192.168.1.100
> > block drop quick from 192.168.1.100 to any
> > 
> > supposing .100 is the Xbox?
> > 
> > Have two pf.confs and a cron job.  One would also want to flush
> > state during the load.  I dunno if this is automatic or not.
> 
> --As for the rest, it is mine.
> 
> Nothing really, besides the complexity (and insecurity) of the _other_
> pf.conf: The Xbox needs several ports open, both in and out, including
> receiving data on random ports.  Using the UPnP setup you can have only those
> ports _actually in use_ open, and they will automatically close when the
> XBox is turned off, even if it is during the 'allowed' times.  (Or, actually,
> when they time out, but that would just be a few minutes.)

I just did some reading on UPnP.  It is scary.

> Also, we haven't discussed whether the XBox has a static address: I assume you
> could assign one, but using UPnP you can do this (easily) with a dynamic
> address.

Sure.

> There is also a side benefit: Many common chat programs will also use UPnP (or
> the other common protocol for the same purpose, which the daemon also
> supports), so this would automatically shut them down for the night as well.

For the whole network, though, not the miscreant, right?

> Anyway, I mostly wanted to mention it as an option, partly because when I went
> looking for a daemon to support that protocol (for a couple of other things),
> it took me a while to find one.

Looking at some of the UPnP spex, I'd recommend never connecting
the Xbox to the same LAN as anything valuable.

To be taken lightheartedly, with a grain of salt, but still there's
a grain of truth here: instead, control the child's excess gaming
behavior in some other way, like a court order, a padlock, a father,
or simply let him go ahead with it.  Technical solutions to problems
of character seldom work in the way expected.  This one will lead
predictably to rage, and when that cools, evasion.  Or it might
lead to the kid learning enough 'nix to thwart the tech.

Dave
-- 
               The future isn't what it used to be.
                             -- G'kar
_______________________________________________
Openbsd-newbies mailing list
[email protected]
http://mailman.theapt.org/listinfo/openbsd-newbies
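
An added example, not part of the thread: the "two pf.confs and a cron job" idea as a script. Loading a ruleset with `pfctl -f` leaves existing state entries in place, so the script also kills the Xbox's states when the curfew starts. The file paths, the `DRY_RUN` switch and the schedule are assumptions; the curfew file is assumed to be the normal ruleset plus the two `block drop quick` rules quoted above.

```shell
#!/bin/sh
# Added example (not from the thread): switch between two pf rulesets from cron.
XBOX_IP="${XBOX_IP:-192.168.1.100}"            # address used in the thread
PF_OPEN="${PF_OPEN:-/etc/pf.conf}"             # assumed path: normal ruleset
PF_CURFEW="${PF_CURFEW:-/etc/pf.curfew.conf}"  # assumed path: adds the block rules
DRY_RUN="${DRY_RUN:-0}"                        # assumed switch: 1 = print only

# Run a command, or only print it when DRY_RUN=1.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

xbox_curfew() {
    case "$1" in
        on)  rules="$PF_CURFEW" ;;
        off) rules="$PF_OPEN" ;;
        *)   echo "usage: xbox_curfew on|off" >&2; return 2 ;;
    esac
    # Parse-check first so a broken file never replaces the running ruleset.
    run pfctl -n -f "$rules" || return 1
    run pfctl -f "$rules" || return 1
    if [ "$1" = "on" ]; then
        # A reload keeps existing states, and packets matching a state are
        # passed before the new block rules are consulted. Kill states
        # originating from the Xbox, then states from anywhere to it.
        run pfctl -k "$XBOX_IP"
        run pfctl -k 0.0.0.0/0 -k "$XBOX_IP"
    fi
}

# root crontab entries (constructed schedule, assumed install path):
#   0 22 * * * /usr/local/sbin/xbox-curfew.sh on
#   0 7  * * * /usr/local/sbin/xbox-curfew.sh off
if [ $# -gt 0 ]; then
    xbox_curfew "$1"
fi
```

Running it once with `DRY_RUN=1` prints the `pfctl` commands without touching the firewall.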