Just a side note, if the kid isn't savvy today he will be tomorrow, and could change the ip address of his machine.
If you have other machines and allow your internal class C to get out, you could restrict the kid's machine by mac address matching, as it is a little harder to forge. Not impossible, but harder than changing an IP address.
Just my $.02.
-=Ray
---------------------------------------
[Inexperienced] pilots are really blind in the air for the first couple of months.
Colonel Erich "Bubi" Hartmann, GAF, World's Leading Ace, Luftwaffe, WWII, 352 Victories
> -----Original Message-----
> From: Joel Newkirk [mailto:firewalldude@xxxxxxxxxx]
> Sent: Wednesday, October 22, 2003 5:35 PM
> To: sbisgaard@xxxxxxxxxxxxxx
> Cc: netfilter@xxxxxxxxxxxxxxxxxxx
> Subject: Re: Time changes
>
>
> On Wed, 2003-10-22 at 15:44, Steffen Bisgaard - Xtrasource wrote:
> > Hallo list,
> >
> > A quick question: Is it possible to block access to and
> from a PC (say
> > 10.2.0.3) at a specific time, for example 21:00, and re-enable it at
> > 08:00 the next day using iptables - and if so how?? Yes this is the
> > kids PC...
> > It used to be real simple with ipfw - I can't remember the
> syntax but
> > something along the lines of ipfw -add (or -remove) deny (or allow)
> > 10.2.0.3 all
> >
> > Any ideas? Or do I need two separate iptables scripts?
>
> Not full scripts. Try creating two cron jobs - one running
> at 21:00 the
> other at 08:00. One is just:
> iptables -I FORWARD 1 -s 10.2.0.3 -j REJECT
> the other
> iptables -D FORWARD -s 10.2.0.3 -j REJECT
>
> j
>
>
>
