Rod.. Whitworth wrote:
> On Sat, 24 Sep 2005 13:29:18 +0300, Kiraly Zoltan wrote:
> 
>>I want to build a home network using OpenBSD as gateway. A child in 
>>the network has a computer, and likes to surf the Internet. I want to drop 
>>her Internet connection at night (11:00AM) because the child doesn't go to 
>>sleep.
>>
> 11 AM at night is a very strange time seeing that AM literally means
> before noon....
> 
>>I don't want to unplug the network cable, I need to do this job with 
>>OpenBSD.
>>
>>Is there a proxy server or solution which limits the Internet connection 
>>using time? An example: Drop Internet connection at 11:AM night and 
>>allow Internet at 6:00 AM morning.
>>
>>Thank you very much
>>
>>
> 
> 
> How about two pf.conf files (pf6to23.conf and pf23to6.conf) and a
> couple of cron entries to do pfctl -f pf6to23.conf and pfctl -f
> pf23to6.conf ?

and put a pf.conf that matches the one you want to have at boot time.
You may not want someone bumping the reset button or power switch
and having the system default to [insert your undesired case here.  And
don't be sure your first answer will be your final answer!]

> I am sure you can work out the rules. Watch out for established
> connections keeping state. Flushing those might be good. It varies with
> your other needs.

A few other tips...
Hard code the MAC address of machines you DON'T want to turn off into
dhcpd.conf, so they always get the same address, and add those addresses
to an "always on" table.

Add/remove the switched nodes by cron job/menu/whatever.  I found that
easier than the two PF rules files, as I kept forgetting to make changes
to both/all copies.

Run a self-poisoned DNS resolver so you can point completely undesired
sites at something harmless, filter all dns traffic so only your
firewall can get to the outside, and the inside people can get only to
your DNS resolver.
   http://www.holland-consulting.net/tech/imblock.html

I've done stuff like this at schools.  Interesting results.  The
students actually seemed to like the DNS blocking -- they would
regularly bring us sites to block (typically, pop-up hells or porn sites
that were easy typos or misspellings of "good" sites for students).

I had it set so the teachers could turn the lab on and off relatively
easily (off easier than on...tap a key and run out the door and kill the
'net if needed).  First year it was in use, it was ignored.  Second and
third years (two different teachers), it was well used.  Fourth year,
teacher figured she was in the room most of the time, and the room
layout (teacher could see all monitors easily, students couldn't easily
tell if teacher was watching), and turned it on and left it.  She then
forgot about the thing, and whenever the firewall would be rebooted, I'd
get a call about the lab not being able to get to the Internet. :)

Moral: Technology is cool.  But good supervision beats technology every
time.

Nick.
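
One way to script the table-and-cron approach described above, as an added example that is not from the thread: a single script works out the wanted state from the clock, so cron and a boot-time call both land on the same answer, and it kills existing states when blocking. The `<curfew>` table, the script path, the variable names and the sample address are assumptions; the window check also handles a window that wraps past midnight.

```sh
#!/bin/sh
# Assumed pf.conf lines (table name <curfew> is hypothetical):
#   table <curfew> persist
#   block quick on $int_if from <curfew>    # placed before the pass rules
# Assumed crontab entry, plus one call from /etc/rc.local for reboots:
#   0 6,23 * * * /usr/local/sbin/curfew.sh apply
CURFEW_HOSTS="${CURFEW_HOSTS:-192.168.1.50}"  # constructed sample address
ALLOW_FROM="${ALLOW_FROM:-0600}"              # Internet on at 06:00
ALLOW_UNTIL="${ALLOW_UNTIL:-2300}"            # Internet off at 23:00

# desired_state HHMM: print "allow" or "block" for the given wall-clock time.
desired_state() {
    case "$1" in
        [0-2][0-9][0-5][0-9]) ;;
        *) echo block; return 0 ;;            # unparsable clock: fail closed
    esac
    # Prefix a 1 so zero-padded times compare as plain decimal integers.
    now="1$1"; from="1$ALLOW_FROM"; end="1$ALLOW_UNTIL"
    if [ "$from" -le "$end" ]; then
        if [ "$now" -ge "$from" ] && [ "$now" -lt "$end" ]; then
            echo allow; else echo block; fi
    else                                      # window wraps past midnight
        if [ "$now" -ge "$from" ] || [ "$now" -lt "$end" ]; then
            echo allow; else echo block; fi
    fi
}

# apply_state allow|block: make the <curfew> table match the wanted state.
apply_state() {
    for h in $CURFEW_HOSTS; do
        if [ "$1" = allow ]; then
            pfctl -q -t curfew -T delete "$h"
        else
            pfctl -q -t curfew -T add "$h"
            pfctl -q -k "$h"                  # kill states the host already holds
        fi
    done
}

# Run only when called as "curfew.sh apply", e.g. from cron or rc.local.
if [ "${1:-}" = "apply" ]; then
    apply_state "$(desired_state "$(date +%H%M)")"
fi
```

With `table <curfew> persist` the table starts empty after a reboot, so the switched hosts are allowed until the rc.local call runs.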
