On Sat, 5 Jul 2008, Daniel T. Staal wrote:
> On Sat, July 5, 2008 6:10 pm, Ed D. wrote:
> > Hi,
> > I have a friend who's a single mother, that has
> > a problem with an out of control teenaged son
> > playing Xbox 360 to all hours of the night.
> >
> > I suggested her having me build her a firewall
> > that could be used to shut off Xbox traffic to
> > the Internet at times when she chooses to.
> > For example between certain hours..
> >
> > Has anybody done this?
> >
> > I didn't want to re-invent the wheel if I could
> > benefit from somebody else's experience.
> >
> > Would appreciate any advice from people
> > who've already done this, like what needs to
> > be blocked for one.
>
> I haven't actually worked with an XBox, but from what I read it uses UPnP
> to negotiate a way through a firewall. There is no support for that
> protocol in the OpenBSD install. So, a default-deny policy should stop
> the Xbox.
>
> To support the protocol, there is a daemon that someone has written that
> works with PF, but there isn't a port of it yet. (I think the
> documentation doesn't live up to OpenBSD standards.) Its homepage is:
> http://miniupnp.free.fr/
>
> Microsoft has a technote on what ports are needed at:
> http://support.microsoft.com/kb/911728
>
> I'd try setting up a default-deny system, that blocks egress on most of
> those ports as well, then have the miniupnp daemon on a cron job, so it
> was only active at certain times of the day. It can open the ports as
> needed while it is running and the rest of the time the ports would be
> closed.
>
> Daniel T. Staal
What would be wrong with just adding a pair of rules:
block drop quick from any to 192.168.1.100
block drop quick from 192.168.1.100 to any
supposing .100 is the Xbox?
Have two pf.confs and a cron job. One would also want to flush
state during the load. I dunno if this is automatic or not.
This all depends on the malefactor not having the smarts to unplug
his toy from the firewall and plug it into the cable modem or whatever.
I think that *blocking* the lad is easy. Am I missing something?
I don't pretend to expertise in this area.
Is there a way to write those two rules as one?
Dave
--
The future isn't what it used to be.
-- G'kar
_______________________________________________
Openbsd-newbies mailing list
[email protected]
http://mailman.theapt.org/listinfo/openbsd-newbies
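Added example (not part of the thread, and not Dave's or Daniel's code): a small sh script that puts Dave's two rules into a pf anchor so cron can switch them on and off without swapping whole pf.conf files. It assumes pf.conf carries the line anchor "xbox-block" above its pass rules (so the anchor's quick rules win), that the Xbox keeps the address 192.168.1.100 (the sample address from the thread), and that the script is installed at the hypothetical path /usr/local/sbin/xbox-block used in the cron comments. Two points it settles from the message: pf has no "from or to" matcher, so the pair stays two rules; and reloading rules does not drop existing states, so the script kills the host's states explicitly with pfctl -k.

```shell
#!/bin/sh
# xbox-block: time-based blocking of one LAN host with pf (added example).
# Assumptions: pf.conf contains 'anchor "xbox-block"' before its pass rules,
# the blocked host has a fixed address, and this file lives at the
# hypothetical path /usr/local/sbin/xbox-block referenced by the cron lines.
#
# Constructed cron entries (block from 22:00, unblock at 07:00):
#   0 22 * * * /usr/local/sbin/xbox-block on
#   0 7  * * * /usr/local/sbin/xbox-block off

XBOX_IP="${XBOX_IP:-192.168.1.100}"   # sample address from the thread
ANCHOR="xbox-block"

# Print the rule pair that blocks the host in both directions.
# pf matches "from X to Y" only, so there is no single-rule form.
block_rules() {
    host="$1"
    printf 'block drop quick from any to %s\n' "$host"
    printf 'block drop quick from %s to any\n' "$host"
}

# Accept only a dotted-quad IPv4 address: a typo or an empty XBOX_IP must
# never turn into a rule such as "block drop quick from any to any".
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    oldifs=$IFS; IFS=.
    set -- $1
    IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Load the rules into the anchor, then kill the host's existing states:
# pfctl -f replaces rules but leaves the state table alone, so an open
# Xbox Live session would otherwise keep flowing until it times out.
block_on() {
    valid_ipv4 "$XBOX_IP" || { echo "refusing bad address: $XBOX_IP" >&2; return 1; }
    block_rules "$XBOX_IP" | pfctl -a "$ANCHOR" -f -
    pfctl -k "$XBOX_IP"                  # states with the Xbox as source
    pfctl -k 0.0.0.0/0 -k "$XBOX_IP"     # states with the Xbox as destination
}

# Empty the anchor; the main ruleset in pf.conf is untouched.
block_off() {
    pfctl -a "$ANCHOR" -F rules
}

if [ $# -gt 0 ]; then
    case "$1" in
        on)   block_on ;;
        off)  block_off ;;
        show) block_rules "$XBOX_IP" ;;
        *)    echo "usage: $0 on|off|show" >&2; exit 2 ;;
    esac
fi
```

Run "xbox-block show" to see the rules that would be loaded, and "pfctl -a xbox-block -sr" afterwards to confirm what pf actually holds. Keeping the schedule in an anchor rather than in two copies of pf.conf means the rest of the firewall policy is never reloaded by cron, so a mistake in the block script cannot take the whole ruleset down.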