Re: Quick IP Blocking question


 



On Fri, 2014-03-14 at 15:58 +0200, Danny wrote:
> Hi,
> 
> Can you please check if the following rule is correct. The purpose of this rule
> is to allow only access to youtube from 15:00 to 18:00
> 
> iptables -A OUTPUT -p tcp --dport 80 -d 208.65.153.238 -m time --timestart 15:00 --timeend 18:00 -j ACCEPT 
> iptables -A OUTPUT -p tcp --dport 80 -d 208.65.153.238 -j REJECT
> 
> How can I modify the above rule to block a specific IP or MAC address from my
> internal network to access youtube at specific times?
> 
> Thank you guys
> 
> Have a nice day
> 
> Danny
Danny,

I hate to break this to you... but Youtube is served by hundreds of IP
Addresses. Depending on time of day, the round robin DNS, the cname
rotation and various other things like locations and source network
(your ISP). My current list shows a completely different set of IP
Addresses that even is close your IP Address here at home
(173.194.46.32-46), at Work I get a different set (74.125.225.192-206)

If you are going to do that properly, you'll need to use either
transparent proxy or force the browsers to use something like squid and
then use name based ACLs with the time restrictions.

Good Luck.
-- 
greg folkert - systems administration and support
web:    donor.com
email:  greg@xxxxxxxxx
phone:  877-751-3300 x416
direct: 616-328-6449 (direct dial and fax)
"There's something to be said in favor of working in isolation in the
real world."
    -- A. R. Ammons
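
The squid approach suggested in the reply above, sketched as an added example that is not part of the original thread: name-based and time-based ACLs applied to one internal host. The host IP, MAC address and ACL names are constructed placeholders, and the fragment assumes browsers are pointed at the proxy.

```conf
# squid.conf fragment (added example; all addresses and ACL names are
# constructed placeholders, not values from the thread).

# Who is restricted: one internal host, matched by IP or by MAC.
acl limited_ip  src 192.168.1.50/32
# MAC matching needs a Squid build with ARP/EUI ACL support and only works
# for clients on the same layer-2 segment as the proxy.
acl limited_mac arp 00:11:22:33:44:55

# What is restricted: YouTube by name, so the rotating IP sets behind the
# DNS name no longer matter.
acl youtube dstdomain .youtube.com

# When access is permitted: every day, 15:00 to 18:00, proxy local time.
acl yt_hours time SMTWHFA 15:00-18:00

# http_access rules are evaluated top to bottom; the first match wins.
http_access allow limited_ip  youtube yt_hours
http_access allow limited_mac youtube yt_hours
http_access deny  limited_ip  youtube
http_access deny  limited_mac youtube

# The site's normal http_access rules (localnet allow, final deny all)
# follow here unchanged.
```

With an explicitly configured proxy the browser's CONNECT request carries the hostname, so the same `dstdomain` ACL also covers HTTPS; direct outbound access from the restricted host still has to be blocked at the firewall so the proxy cannot be bypassed.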
