On Fri, Aug 05, 2016 at 03:49:28PM +0000, Mark Fletcher wrote:
> On Fri, Aug 5, 2016 at 11:04 PM Brian <a...@cityscape.co.uk> wrote:
>
> I didn't mention earlier, and I'm not sure if it is relevant, but the
> computer connects via WiFi to my access point, which is also my network's
> internet gateway -- with an LFS box between it and the cable modem as a
> dedicated firewall. I don't trust the non-free firewall in the AP, although
> I have left it on. The rest of my network is not to be subject to this 9pm
> curfew. And I would ideally like connectivity between this machine and the
> rest of my local network to remain even when the internet is denied to this
> machine, so I can do remote maintenance when he's not using the machine,
> for example.

I have a new suggestion, based on this.

Do all the filtering on your LFS box. Match your kid's machine by MAC address.

Write two tiny scripts:

    #!/bin/sh
    # Insert a DROP rule at the top of FORWARD for this MAC address.
    iptables -I FORWARD -m mac --mac-source 58:63:1a:af:71:72 -j DROP

    #!/bin/sh
    # Delete that DROP rule again.
    iptables -D FORWARD -m mac --mac-source 58:63:1a:af:71:72 -j DROP

(substituting in the appropriate MAC address for the machine, of course)

and run the first one at 9 PM to disable internet access, and run the second
one at 8 AM or whatever to re-enable it. Cron is your friend.

-dsr-
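
The two cron jobs above each fire once, so a firewall reboot during the night or a missed run leaves the wrong state in place. The script below is an added example, not code from the thread: run every few minutes, it derives the desired state from the clock and only touches the ruleset when it differs. The MAC address and the 9 PM / 8 AM hours are the ones from the message; the install path in the crontab comment and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: converge the firewall to the state the
# clock calls for, so a reboot or a missed cron run cannot leave it wrong.
# MAC and the 21:00/08:00 hours are the ones in the post; the install path
# in the crontab line below is a placeholder.
#   */5 * * * * /usr/local/sbin/curfew.sh apply
MAC="${MAC:-58:63:1a:af:71:72}"
START="${START:-21}"   # first blocked hour
END="${END:-8}"        # first allowed hour

# in_curfew HOUR: succeed if HOUR (0-23, leading zero allowed) is blocked.
in_curfew() {
    h=${1#0}; h=${h:-0}
    if [ "$START" -gt "$END" ]; then      # window wraps past midnight
        [ "$h" -ge "$START" ] || [ "$h" -lt "$END" ]
    else
        [ "$h" -ge "$START" ] && [ "$h" -lt "$END" ]
    fi
}

# rule_present: succeed if the DROP rule is already in FORWARD.
rule_present() {
    iptables -C FORWARD -m mac --mac-source "$MAC" -j DROP 2>/dev/null
}

# converge HOUR: add or remove the rule as needed; prints what it did.
converge() {
    if in_curfew "$1"; then
        rule_present && { echo unchanged; return 0; }
        iptables -I FORWARD -m mac --mac-source "$MAC" -j DROP && echo blocked
    else
        n=0
        while rule_present; do            # also clears duplicate copies
            iptables -D FORWARD -m mac --mac-source "$MAC" -j DROP || return 1
            n=$((n + 1))
        done
        [ "$n" -gt 0 ] && echo unblocked || echo unchanged
    fi
}

if [ "${1:-}" = "apply" ]; then
    converge "$(date +%H)"
fi
```

Because the rule sits in FORWARD on the firewall, traffic that stays on the local network never crosses it and is unaffected.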