You could also use the IPTables time patch instead of using a crontabs entry that enables and disables the rule at specific times. > Just a side note, if the kid isn't savvy today he will be tomorrow, and > could change the ip address of his machine. > > If you have other machines and allow your internal class C to get out, you > could restrict the kid's machine by mac address matching, as it is a > little > harder to forge. Not impossible, but harder than changing an IP address. > > Just my $.02. > > -=Ray > --------------------------------------- > [Inexperienced] pilots are really blind in the air for the first couple of > months. > Colonel Erich "Bubi" Hartmann, GAF, World's Leading Ace, Luftwaffe, WWII, > 352 Victories > > >> -----Original Message----- >> From: Joel Newkirk [mailto:firewalldude@xxxxxxxxxx] >> Sent: Wednesday, October 22, 2003 5:35 PM >> To: sbisgaard@xxxxxxxxxxxxxx >> Cc: netfilter@xxxxxxxxxxxxxxxxxxx >> Subject: Re: Time changes >> >> >> On Wed, 2003-10-22 at 15:44, Steffen Bisgaard - Xtrasource wrote: >> > Hallo list, >> > >> > A quick question: Is it possible to block access to and >> from a PC (say >> > 10.2.0.3) at a specific time, for example 21:00, and re-enable it at >> > 08:00 the next day using iptables - and if so how?? Yes this is the >> > kids PC... >> > It used to be real simple with ipfw - I can't remember the >> syntax but >> > something along the lines of ipfw -add (or -remove) deny (or allow) >> > 10.2.0.3 all >> > >> > Any ideas? Or do I need two separate iptables scripts? >> >> Not full scripts. Try creating two cron jobs - one running >> at 21:00 the >> other at 08:00. One is just: >> iptables -I FORWARD 1 -s 10.2.0.3 -j REJECT >> the other >> iptables -D FORWARD -s 10.2.0.3 -j REJECT >> >> j >> >> >> > Thanks, Josh Berry, CTO LinkNet-Solutions 469-831-8543 josh.berry@xxxxxxxxxxxxxxxxxxxxx
