Tom Eastep wrote: > Rich Wales wrote: >> I'm currently using Shorewall 3.4.1 to manage a firewall for my LAN at >> home. It works very well, and I'm definitely pleased, but . . . . >> >> I now have a situation where I need to enforce access restrictions on >> a specific computer during specific times of day -- e.g., a particular >> computer might have no Internet access at all between 10 PM and 6 AM. >> >> Is there any way to do such a thing using Shorewall? If not, can anyone >> suggest another tool I could try using on my firewall to do this? >> >> I know I could use something like SquidGuard to limit web browsing from >> specific systems during specific time ranges, but I need to limit other >> forms of access too (e.g., IM chatting). >> > > Run cron jobs that do this at 10 PM: > > shorewall reject <ip address> > > and do this at 6 AM > > shorewall allow <ip address> > > You'll want BLACKLISTNEWONLY=No in shorewall.conf > > Other people do this with two shorewall configurations, one for day and one > for night. Then, at 10PM: > > shorewall restart /etc/shorewall.night > > And at 6AM > > shorewall restart /etc/shorewall.day > > The .day and .night directories only need to contain the config files that > are different between day and night (probably just the rules file).
And if you are worried about maintaining two copies of common rules, then
put the common rules in /etc/shorewall/rules.common and then have
/etc/shorewall.day/rules:
INCLUDE rules.common
/etc/shorewall.night/rules:
REJECT loc:<ip addr>[,...] net
INCLUDE rules.common
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ [EMAIL PROTECTED]
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
