On Fri 05 Aug 2016 at 13:48:54 -0400, Dan Ritter wrote:

> On Fri, Aug 05, 2016 at 03:49:28PM +0000, Mark Fletcher wrote:
> > On Fri, Aug 5, 2016 at 11:04 PM Brian <a...@cityscape.co.uk> wrote:
> >
> > I didn't mention earlier, and I'm not sure if it is relevant, but the
> > computer connects via WiFi to my access point, which is also my network's
> > internet gateway -- with an LFS box between it and the cable modem as a
> > dedicated firewall. I don't trust the non-free firewall in the AP, although
> > I have left it on. The rest of my network is not to be subject to this 9pm
> > curfew. And I would ideally like connectivity between this machine and the
> > rest of my local network to remain even when the internet is denied to this
> > machine, so I can do remote maintenance when he's not using the machine,
> > for example.
> >
>
> I have a new suggestion, based on this.
>
> Do all the filtering on your LFS box.
>
> Match your kid's machine by MAC address.
>
> Write two tiny scripts:
>
> #!/bin/sh
> iptables -I FORWARD -m mac --mac-source 58:63:1a:af:71:72 -j DROP
>
>
> #!/bin/sh
> iptables -D FORWARD -m mac --mac-source 58:63:1a:af:71:72 -j DROP
>
> (substituting in the appropriate MAC address for the machine, of
> course)
>
> and run the first one at 9 PM to disable internet access, and
> run the second one at 8 AM or whatever to re-enable it. Cron is
> your friend.

For this particular situation (LFS=Linux From Scratch?) this does appear to be the easiest (less work) and most obvious solution.
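
An added example, not code from the thread: one script that covers both cron jobs and goes a step further by making the toggle idempotent (a repeated insert leaves a duplicate DROP rule that a single delete will not clear) and by re-deriving the correct state after a reboot, when the in-memory rule is gone. The function names, the `IPT` override, the script path and a cron that understands `@reboot` are assumptions; the MAC address and the 9 PM / 8 AM hours are the ones quoted above.

```shell
#!/bin/sh
# Added example (not from the thread): idempotent curfew toggle for the firewall box.
# Hypothetical root crontab, assuming the script is installed as /usr/local/sbin/curfew.sh:
#   0 21 * * *  /usr/local/sbin/curfew.sh on
#   0 8  * * *  /usr/local/sbin/curfew.sh off
#   @reboot     /usr/local/sbin/curfew.sh sync

MAC="${MAC:-58:63:1a:af:71:72}"   # MAC quoted in the thread; substitute your own
START=21                          # curfew starts at 21:00
END=8                             # curfew ends at 08:00
IPT="${IPT:-iptables}"            # overridable so the logic can be exercised without root

# The rule specification, shared by check / insert / delete so they always match.
rule() { echo "FORWARD -m mac --mac-source $MAC -j DROP"; }

# True if the DROP rule is currently present (iptables -C checks without changing anything).
blocked() { $IPT -C $(rule) 2>/dev/null; }

# Insert the rule only if it is not already there.
curfew_on() { blocked || $IPT -I $(rule); }

# Remove every copy of the rule, including duplicates left by earlier non-idempotent runs.
curfew_off() { while blocked; do $IPT -D $(rule) || break; done; }

# True if the given hour (0-23) falls inside the overnight window [START, 24) or [0, END).
in_curfew() { [ "$1" -ge "$START" ] || [ "$1" -lt "$END" ]; }

# Bring the firewall into the state the clock says it should be in (use after boot).
curfew_sync() {
    hour=${1:-$(date +%H)}
    hour=${hour#0}                # "08" -> "8", "00" -> "0"
    if in_curfew "$hour"; then curfew_on; else curfew_off; fi
}

case "${1:-}" in
    on)   curfew_on ;;
    off)  curfew_off ;;
    sync) curfew_sync ;;
esac
```
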