Îãðàíè÷åíèå äîñòóïà ê èíòåðíåòó ïî ðàñïèñàíèþ

[Rung]

ïîñìîòðèòå çäåñü http://www.wl500g.info/showthread.ph...685#post212685

[Timur]

Ïî÷åìó iptables ìîæåò íå ðàáîòàòü? Àíàëîãè÷íî íå ðàáîòàåò ôèëüòðàöèÿ ïî âðåìåíè. Íè ïî MAC, íè ïî IP. Ïðàâèëî ïðîïèñàíî áåç îøèáîê. Ïðîøèâêà WL-500gPv2 1.9.2.7-d-r1000.
Íå ñèëüíî ðàçáèðàþñü â ëèíóõå, áóäó ïðåáëàãîäàðåí çà ïîìîùü.

[Less]

Ïî÷åìó iptables ìîæåò íå ðàáîòàòü? Àíàëîãè÷íî íå ðàáîòàåò ôèëüòðàöèÿ ïî âðåìåíè. Íè ïî MAC, íè ïî IP. Ïðàâèëî ïðîïèñàíî áåç îøèáîê. Ïðîøèâêà WL-500gPv2 1.9.2.7-d-r1000.
Íå ñèëüíî ðàçáèðàþñü â ëèíóõå, áóäó ïðåáëàãîäàðåí çà ïîìîùü.

×òî èìåííî àíàëîãè÷íî?
äàéòå âûâîä êîìàíäû iptables-save

[Timur]

Âîò. Ñåãîäíÿ òåñòèë, - ñòðàííî, òå ïðàâèëà ÷òî ðàáîòàþò â ïðåäåëàõ ïðîìåæóòêà âðåìåíè îäíèõ ñóòîê (íå ïåðåñåêàÿ 00:00, íàïðèìåð ñ 18:00:00 äî 23:00:00) ðàáîòàþò íîðìàëüíî, à âîò ê ïðèìåðó ñ 23:00:00 äî 07:00:00 - íèâêàêóþ... ìîæåò ÿ ÷åãî òóïëþ?

iptables-save

Code:

# Generated by iptables-save v1.3.8 on Sat Jan 16 00:14:12 2010
*nat
:PREROUTING ACCEPT [292483:59361356]
:POSTROUTING ACCEPT [3198:567442]
:OUTPUT ACCEPT [3435:607706]
:VSERVER - [0:0]
-A PREROUTING -d 77.120.89.109 -j VSERVER 
-A PREROUTING -d 172.16.76.153 -j VSERVER 
-A POSTROUTING -s ! 77.120.89.109 -o ppp0 -j MASQUERADE 
-A POSTROUTING -s ! 172.16.76.153 -o vlan1 -j MASQUERADE 
-A POSTROUTING -s 192.168.1.0/255.255.255.0 -d 192.168.1.0/255.255.255.0 -o br0 -j SNAT --to-source 192.168.1.1 
-A VSERVER -p udp -m udp --dport 49891 -j DNAT --to-destination 192.168.1.185:49891 
COMMIT
# Completed on Sat Jan 16 00:14:12 2010
# Generated by iptables-save v1.3.8 on Sat Jan 16 00:14:12 2010
*mangle
:PREROUTING ACCEPT [4573180:3338282908]
:INPUT ACCEPT [1061127:690936046]
:FORWARD ACCEPT [3363223:2602801096]
:OUTPUT ACCEPT [486796:64954148]
:POSTROUTING ACCEPT [3863024:2672813763]
COMMIT
# Completed on Sat Jan 16 00:14:12 2010
# Generated by iptables-save v1.3.8 on Sat Jan 16 00:14:12 2010
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [13398:883786]
:OUTPUT ACCEPT [486695:64911682]
:BRUTE - [0:0]
:MACS - [0:0]
:SECURITY - [0:0]
:logaccept - [0:0]
:logdrop - [0:0]
-A INPUT -m state --state INVALID -j DROP 
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT 
-A INPUT -i lo -m state --state NEW -j ACCEPT 
-A INPUT -i br0 -m state --state NEW -j ACCEPT 
-A INPUT -p udp -m udp --sport 67 --dport 68 -j ACCEPT 
-A INPUT -p tcp -m tcp --dport 21 --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT 
-A INPUT -j DROP 
-A FORWARD -s 192.168.1.22 -m time --timestart 23:01:00 --timestop 06:59:00 --days Sun,Mon,Tue,Wed,Thu,Fri,Sat -j DROP 
-A FORWARD -s 192.168.1.20 -m time --timestart 11:42:00 --timestop 23:00:00 --days Sun,Mon,Tue,Wed,Thu,Fri,Sat -j DROP 
-A FORWARD -s 192.168.1.20 -m time --timestart 11:35:00 --timestop 11:37:00 --days Sun,Mon,Tue,Wed,Thu,Fri,Sat -j DROP 
-A FORWARD -i br0 -o br0 -j ACCEPT 
-A FORWARD -m state --state INVALID -j DROP 
-A FORWARD -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j TCPMSS --clamp-mss-to-pmtu 
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT 
-A FORWARD -i ! br0 -o ppp0 -j DROP 
-A FORWARD -i ! br0 -o vlan1 -j DROP 
-A FORWARD -m conntrack --ctstate DNAT -j ACCEPT 
-A SECURITY -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 1/sec -j RETURN 
-A SECURITY -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK RST -m limit --limit 1/sec -j RETURN 
-A SECURITY -p udp -m limit --limit 5/sec -j RETURN 
-A SECURITY -p icmp -m limit --limit 5/sec -j RETURN 
-A SECURITY -j DROP 
-A logaccept -m state --state NEW -j LOG --log-prefix "ACCEPT " --log-tcp-sequence --log-tcp-options --log-ip-options 
-A logaccept -j ACCEPT 
-A logdrop -m state --state NEW -j LOG --log-prefix "DROP " --log-tcp-sequence --log-tcp-options --log-ip-options 
-A logdrop -j DROP 
COMMIT
# Completed on Sat Jan 16 00:14:12 2010

iptables --list

Code:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
DROP       all  --  anywhere             anywhere            state INVALID 
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED 
ACCEPT     all  --  anywhere             anywhere            state NEW 
ACCEPT     all  --  anywhere             anywhere            state NEW 
ACCEPT     udp  --  anywhere             anywhere            udp spt:bootps dpt:bootpc 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ftp flags:FIN,SYN,RST,ACK/SYN 
DROP       all  --  anywhere             anywhere            

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
DROP       all  --  192.168.1.22         anywhere            TIME from 23:01:00 to 06:59:00 on Sun,Mon,Tue,Wed,Thu,Fri,Sat 
DROP       all  --  192.168.1.20         anywhere            TIME from 11:42:00 to 23:00:00 on Sun,Mon,Tue,Wed,Thu,Fri,Sat 
DROP       all  --  192.168.1.20         anywhere            TIME from 11:35:00 to 11:37:00 on Sun,Mon,Tue,Wed,Thu,Fri,Sat 
ACCEPT     all  --  anywhere             anywhere            
DROP       all  --  anywhere             anywhere            state INVALID 
TCPMSS     tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,RST,ACK/SYN TCPMSS clamp to PMTU 
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED 
DROP       all  --  anywhere             anywhere            
DROP       all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            ctstate DNAT 

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain BRUTE (0 references)
target     prot opt source               destination         

Chain MACS (0 references)
target     prot opt source               destination         

Chain SECURITY (0 references)
target     prot opt source               destination         
RETURN     tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,RST,ACK/SYN limit: avg 1/sec burst 5 
RETURN     tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,RST,ACK/RST limit: avg 1/sec burst 5 
RETURN     udp  --  anywhere             anywhere            limit: avg 5/sec burst 5 
RETURN     icmp --  anywhere             anywhere            limit: avg 5/sec burst 5 
DROP       all  --  anywhere             anywhere            

Chain logaccept (0 references)
target     prot opt source               destination         
LOG        all  --  anywhere             anywhere            state NEW LOG level warning tcp-sequence tcp-options ip-options prefix `ACCEPT ' 
ACCEPT     all  --  anywhere             anywhere            

Chain logdrop (0 references)
target     prot opt source               destination         
LOG        all  --  anywhere             anywhere            state NEW LOG level warning tcp-sequence tcp-options ip-options prefix `DROP ' 
DROP       all  --  anywhere             anywhere

[Timur]

È âñ¸òàêè íè÷åãî íå ðàáîòàåò, äàæå òàê êàê ÿ íàïèñàë...

Êòî ïîäñêàæåò, êàê ñêàæåòñÿ êîìàíäà iptables -F íà äàëüíåéøåé ðàáîòå ðîóòåðà?

[Mx00]

Ïðîøèâêà WL500gpv2-1.9.2.7-d-r1222
îñíîâíàÿ ïðîáëåìà:
ïðîïèñûâàþ ïðàâèëà çàïðåòà è îíè íå âñåãäà ñðàáàòûâàþ â îòâåäåííîå èì âðåìÿ.
ïðàâèëî ìîæåò ðàáîòàòü íåñêîëüêî äíåé, ïîòîì ïåðåñòàåò îòêëþ÷àòü èíòåðíåò, åñëè ïåðåãðóçèòü ðîóòåð, òî ïðàâèëî îïÿòü íà÷èíàåò ðàáîòàòü

ïðàâèëà ïðîïèñûâàþ è â WAN & LAN Filter è íàïðÿìóþ â iptables

Code:

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination
1    DROP       all  --  0.0.0.0/0            0.0.0.0/0           TIME from 23:00:00 to 23:59:59 on Sun,Mon,Tue,Wed,Thu,Fri MAC 00:1D:60:7B:81:03
2    DROP       all  --  0.0.0.0/0            0.0.0.0/0           TIME from 00:00:00 to 07:30:00 on Sun,Mon,Tue,Wed,Thu,Fri,Sat MAC 00:1D:60:7B:81:03
3    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
4    DROP       all  --  0.0.0.0/0            0.0.0.0/0           state INVALID
5    TCPMSS     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp flags:0x17/0x02 TCPMSS clamp to PMTU
6    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
7    DROP       all  --  0.0.0.0/0            0.0.0.0/0
8    DROP       all  --  0.0.0.0/0            0.0.0.0/0
9    DROP       tcp  --  192.168.77.4         0.0.0.0/0           TIME from 17:00:00 to 20:00:00 on Sun,Mon,Tue,Wed,Thu,Fri,Sat tcp spts:81:65500
10   ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
11   ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           ctstate DNAT

âòîðàÿ ïðîáëåìà, åñëè ïûòàþñü íàïðÿìóþ âûïîëíèòü êîìàíäó

Code:

iptables -I FORWARD 3 -p tcp -m multiport --port 80,81 -j DROP

âûäàåò ñîîáùåíèå:iptables: No chain/target/match by that name
ïî÷èòàâ ïî ôîðóìàì âðîäå êàê íóæåí xt_tcpudp, íî ïðàâèëî ¹ 9 êàê òî ðàáîòàåò... è áåç xt_tcpudp

ó êîãî êàêèå åñòü ìûñëè è âàðèàíòû âîçíèêíîâåíèÿ òàêîé íåñòàáèëüíîñòè
äà è åù¸ åñòü íþàíñ: ïðè ïåðåçàãðóçêå êîìàíäîé reboot íå âñåãäà íîðìàëüíî ïåðåãðóæàåòñÿ, ïðèõîäèòñÿ îòêëþ÷àòü ïèòàíèå è òîãäà çàãðóæàåòñÿ íîðìàëüíî.

[dramnbass]

à íåëüçÿ ïî êðîíó?
wan0 up/down

[Mx00]

Ìíå íóæíî ñäåëàòü, ÷òîáû îäèí êîìïüþòåð ïåðåñòàë âûõîäèòü â èíòåðíåò, à äðóãèå ñåññèè íå äîëæíû îáðûâàòüñÿ, òåì áîëåå ïî êðîíó, ìàëî ëè ÷òî ó ìåíÿ òàì âàæíîå â ýòî âðåìÿ ïðîèñõîäèò :-)

... âèäèìî íå ïðàâèëüíî íàïèñàë âîïðîñ, ðàç íè êòî íå ìîæåò íè÷åãî ïîñîâåòîâàòü... èëè âîêðóã òàêèå æå ëàìåðû êàê ÿ ;-)

[TReX]

Ìíå íóæíî ñäåëàòü, ÷òîáû îäèí êîìïüþòåð ïåðåñòàë âûõîäèòü â èíòåðíåò, à äðóãèå ñåññèè íå äîëæíû îáðûâàòüñÿ, òåì áîëåå ïî êðîíó, ìàëî ëè ÷òî ó ìåíÿ òàì âàæíîå â ýòî âðåìÿ ïðîèñõîäèò :-)

... âèäèìî íå ïðàâèëüíî íàïèñàë âîïðîñ, ðàç íè êòî íå ìîæåò íè÷åãî ïîñîâåòîâàòü... èëè âîêðóã òàêèå æå ëàìåðû êàê ÿ ;-)

Ñòðàííî, â âåòêå RT-N åñòü î÷åíü ïîõîæàÿ ñèìïòîìàòèêà http://code.google.com/p/wl500g/source/detail?r=1426

[lenser]

Äåíü äîáðûé âñåì!
âîïðîñ ìîæåò áûòü ïðèìèòèâíûé â ñèëó ñëàáîãî âëàäåíèÿ ëèíóêñ, íî î÷åíü àêòóàëüíûé:
Ðîóòåð Asus RT-N16 c ïîñëåäíåé ïðîøèâêîé îò Îëåãà+"ýíòóçèàñòû"
ñîåäèíåíèå ñ èíòåðíåò ïî L2TP
íåîáõîäèìî ñîñòàâèòü ðàñïèñàíèå îãðàíè÷èâàþùåå äîñòóï â èíòåðíåò ïî ÷àñàì è äíÿì íåäåëè.

Êàê ïîíèìàþ ìîæíî ñäåëàòü ÷åðåç cron, íî ê ñîæàëåíèþ íå âëàäåþ...
Ïîøàãîâóþ èíñòðóêöèþ ñ ïðèìåðîì äëÿ íîâè÷êà íå äàäèòå?

Ðåáåíîê ÿâíî çëîóïîòðåáëÿåò, à ïî ôîðóìó ïîèñêàë âðîäå íå îáñóæäàëîñü, íó èëè òêíèòå ïàëüöåì åñëè ïðîïóñòèë...

Çàðàíåå ñïàñèáî

[yuraz]

Äåíü äîáðûé âñåì!
âîïðîñ ìîæåò áûòü ïðèìèòèâíûé â ñèëó ñëàáîãî âëàäåíèÿ ëèíóêñ, íî î÷åíü àêòóàëüíûé:
Ðîóòåð Asus RT-N16 c ïîñëåäíåé ïðîøèâêîé îò Îëåãà+"ýíòóçèàñòû"
ñîåäèíåíèå ñ èíòåðíåò ïî L2TP
íåîáõîäèìî ñîñòàâèòü ðàñïèñàíèå îãðàíè÷èâàþùåå äîñòóï â èíòåðíåò ïî ÷àñàì è äíÿì íåäåëè.

Êàê ïîíèìàþ ìîæíî ñäåëàòü ÷åðåç cron, íî ê ñîæàëåíèþ íå âëàäåþ...
Ïîøàãîâóþ èíñòðóêöèþ ñ ïðèìåðîì äëÿ íîâè÷êà íå äàäèòå?

Ðåáåíîê ÿâíî çëîóïîòðåáëÿåò, à ïî ôîðóìó ïîèñêàë âðîäå íå îáñóæäàëîñü, íó èëè òêíèòå ïàëüöåì åñëè ïðîïóñòèë...

Çàðàíåå ñïàñèáî

Òóò ýòî ñäåëàíî êîìàíäîé iptables

http://www.wl500g.info/showthread.ph...E1%E5%ED%EE%EA

ïðî÷èòàéòå ýòó òåìó òàì êàê ðàç îãðàíè÷åíèå äîñòóïà
ïî âðåìåíè êîíêðåòíîé ìàøèíû ïî ÌÀÊ àäðåñó!

î÷åíü õîðîøî ïîäõîäèò äëÿ îãðàíè÷åíèÿ èíòåðíåòà äëÿ ðåáåíêà
ïðè óñëîâèè ÷òî ó ðåáåíêà ñâîé êîìïüþòåð!

åñëè ó âàñ ñ ðåáåíêîì îäíà ìàøèíà,
íóæíî èñêàòü èíîé ïóòü îãðàíè÷åíèÿ
ñàìè òîãäà íå âîéäåòå â èíòåðíåò âå÷åðîì - êîãäà íàäî

[lenser]

[QUOTE=yuraz;214283]Òóò ýòî ñäåëàíî êîìàíäîé iptables

Ñïàñèáî çà íàâîäêó! Ýòî âîîáùå èäåàëüíûé âàðèàíò...

[AciDSAS]

Òî÷êà — WL-500G Deluxe, ïðîøèâêà — 1.9.2.7-d-r1445.
Íå ðàáîòàåò URL Filter. Âåðíåå ðàáîòàåò íå ïðàâèëüíî.
Íàñòðîèë ÷òîá ôèëüòðîâàë odnoklassniki.ru ñ 10 äî 19 êðîìå ñóááîòû è âîñêðåñåíüÿ. Âðåìÿ 19:57 — îäíîêëàññíèêè âñå åùå íå ðàáîòàþò

Code:

  269  237K DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           TIME from 10:00:00 to 19:00:00 on Mon,Tue,Wed,Thu,Fri webstr: url games.mail.ru 
   56 41414 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           TIME from 10:00:00 to 19:00:00 on Mon,Tue,Wed,Thu,Fri webstr: url odnoklassniki.ru 
  123 72433 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           TIME from 10:00:00 to 19:00:00 on Mon,Tue,Wed,Thu,Fri webstr: url fishki.net 
  400  223K DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           TIME from 10:00:00 to 19:00:00 on Mon,Tue,Wed,Thu,Fri webstr: url vkontakte.ru 
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           TIME from 10:00:00 to 19:00:00 on Mon,Tue,Wed,Thu,Fri webstr: url vk.com

Code:

[admin@WL-0011D824618E root]$ date
Wed Apr 28 19:57:57 MSD 2010

[AciDSAS]

 20.00 çàðàáîòàëè îäíîêëàññíèêè...
Íî ÷òî-òî íå òàê... äîëæíî áûëî âêëþ÷èòüñÿ â 19, à âêëþ÷èëîñü â 20. Èíòåðåñíî, âî ñêîëüêî ïåðåñòàíåò ðàáîòàòü? â 10.00 èëè â 11.00?
Ãäå íàéòè ïàðàìåòðû ìîäóëÿ ipt_webstr?

[Briz]

Ïîìîãèòå ðàçîáðàòüñÿ: õî÷ó äîáàâèòü â URL Filter íîâûé àäðåñ ñàéòà, êîòîðûé çàãðóæàåòñÿ â íîâîì îêíå ïðè îòêðûòèè ñòðàíèöû ñ ðåçóëüòàòîì ïîèñêà íóæíîãî ìíå ñàéòà. À ñ íèì ñîîòâåòñòâåííî è ðàçíûå áàíåðû è ïð.

Äî ýòîãî ìíå óäàâàëîñü âáèâàòü îäíó ñòðîêó ñðàçó ïîñëå îáíîâëåíèÿ ïðîøèâêè äî ïîñëåäíåé âåðñèè. È âñ¸! Ò.å. ñëåäóþùèé ðàç òîëüêî ïîñëå ïåðåïðîøèâêè, èëè â èñêëþ÷èòåëüíî ðåäêèõ ñëó÷àÿõ.

Ïðîèñõîäèò ñëåäóþùåå: ââîæó â ïîëå àäðåñ, íàæèìàþ "Add", ïîÿâëÿåòñÿ ëèøü àáñîëþòíî ÷èñòàÿ ñòðàíèöà (ñêîëüêî íå æäè îíà íå èçìåíèòüñÿ).

 ñïèñêå óæå åñòü íåñêîëüêî àäðåñîâ:

Code:

bannerbank
adskape

Íî è îíè íå îòôèëüòðîâûâàþòñÿ, õîòÿ ñàì ôèëüòð âêëþ÷¸í íà âñå äíè íåäåëè. Íà äðóãèõ ìîäåìàõ/ðîóòåðàõ (îðèãèíàëüíûå ïðîøèâêè DIR-300 è ADSL-2640) ïîäîáíîå âáèâàíèå àäðåñîâ ïðèâîäèò ê ôèëüòðàöèè, à çäåñü ñîâñåì áåäà!

Ñ ïîìîùþ HTTPWatch Pro v7.0.23 îïðåäåëèë âñ¸ æå, ÷òî àäðåñ åñëè è ââîäèòüñÿ, òî êîìàíäîé

Code:

http://my.router/apply.cgi?current_page=Advanced_URLFilter_Content.asp&next_page=SaveRestart.asp&next_host=my.router&sid_list=FirewallConfig%3B&group_id=UrlList&modified=0&action_mode=+Add+&first_time=&action_script=&url_enable_x=1&url_date_x=1111111&url_date_x_Sun=on&url_date_x_Mon=on&url_date_x_Tue=on&url_date_x_Wed=on&url_date_x_Thu=on&url_date_x_Fri=on&url_date_x_Sat=on&url_time_x=00002359&url_time_x_starthour=00&url_time_x_startmin=00&url_time_x_endhour=23&url_time_x_endmin=59&url_num_x_0=4&UrlList=+Add+&url_keyword_x_0=slylog

Ê ñîæàëåíèþ, ìåíÿÿ ëèøü àäðåñ íà êîíöå ñòðîêè ïîïðàâèòü ïîëîæåíèå íå ïîëó÷èòüñÿ, íàäî ó÷èòûâàòü åù¸ è âðåìÿ ââîäà è ïð.