JD Kitch wrote:

> What is the best way to lock down a specific internal IP address,
> and specifically run updates via a cron job. I'm looking to limit
> my kids' machines' access to the internet to only specific times of
> the day, and would like to do that via cron so we're not constantly
> messing with it. Their two machines are always the same IP
> addresses. (192.168.1.50 and 192.168.1.51) My Linux box is running Ubuntu
> and functions as gateway/dhcp/firewall/content filter. I'm running
> Shorewall 3.2.6.
It's not really that Shorewall specific ...

Firstly, although you can configure DHCP to give certain IPs to certain machines, it doesn't prevent a user setting their network settings - so you will probably want to filter by MAC address/IP so that if they change their settings their machines don't get an internet connection.

After that, I suggest having either two rules files or two params files, symlink Shorewall's file to the one required, and restart Shorewall, e.g.:

    ln -sf /etc/shorewall/rules.day /etc/shorewall/rules
    shorewall -q restart

or you could make the file a parameter:

    ln -sf /etc/shorewall/rules.$1 /etc/shorewall/rules
    shorewall -q restart

and in crontab call it thus:

    ....... /usr/local/bin/shorewall-mode day
    ....... /usr/local/bin/shorewall-mode night

Don't forget that you don't need to duplicate everything in the rules file, you can have just the variable rules in the mode specific files and INCLUDE a common rules file for everything else.

_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
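A fuller version of the shorewall-mode wrapper described in the reply above, added here as an example and not part of the original post: it accepts only the two known mode names (the script runs as root from cron, so the argument should never reach the path unchecked) and puts the previous symlink back if the restart fails. The RULES_DIR and SHOREWALL variables, the set_mode function name and the rollback step are assumptions of this example.

```shell
#!/bin/sh
# shorewall-mode: switch Shorewall between per-mode rules files (added example).
# Assumed layout: $RULES_DIR/rules.day and $RULES_DIR/rules.night exist and
# $RULES_DIR/rules is a symlink managed only by this script.

RULES_DIR="${RULES_DIR:-/etc/shorewall}"
SHOREWALL="${SHOREWALL:-shorewall}"   # overridable so the logic can be tested offline

set_mode() {
    mode="$1"
    # Accept only known mode names, so a string containing "/" or ".."
    # can never be spliced into the path used below.
    case "$mode" in
        day|night) ;;
        *) echo "usage: shorewall-mode day|night" >&2; return 2 ;;
    esac

    target="$RULES_DIR/rules.$mode"
    if [ ! -f "$target" ]; then
        echo "shorewall-mode: missing $target" >&2
        return 1
    fi

    # Remember where the link points now so a failed restart can be undone.
    previous=$(readlink "$RULES_DIR/rules" 2>/dev/null) || previous=""

    ln -sf "$target" "$RULES_DIR/rules" || return 1

    if ! "$SHOREWALL" -q restart; then
        echo "shorewall-mode: restart failed, restoring previous rules" >&2
        if [ -n "$previous" ]; then
            ln -sf "$previous" "$RULES_DIR/rules"
            "$SHOREWALL" -q restart
        fi
        return 1
    fi
}

# Called from cron as: shorewall-mode day   or   shorewall-mode night
if [ "$#" -gt 0 ]; then
    set_mode "$1"
fi
```

Because the script exits non-zero on a bad argument, a missing file or a failed restart, cron's normal mail-on-output behaviour reports a mode switch that did not take effect.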
