Îãðàíè÷åíèå äîñòóïà ê èíòåðíåòó ïî ðàñïèñàíèþ

Printable View

Show 40 post(s) from this thread on one page

11-02-2011, 08:44
FilimoniC

Quote:

Originally Posted by dr.Johanson

Çäðàâñòâóéòå , ãîñïîäà.
Òàêóþ çàäà÷ó ðåàëèçîâàòü õîòåëîñü áû.
Åñòü 3 êîìïà, ïîäêëþ÷åíû ê ðîóòåðó.Íóæíî ÷òîáû íà îäèí êîìï èíòåðíåò áûë ïî âðåìåíè: íàïðèìåð ñ 15 00 äî 19 00 îí åñòü, à â îñòàëüíîå âðåìÿ îí îòñóòñòâóåò.

cron+iptables âàì â ïîìîùü è ntp
È, äà, ñ äèò¸ì ëó÷øå òàê íå ïîñòóïàòü, ÈÌÕÎ.
11-02-2011, 09:08
VicSer

Quote:

Originally Posted by dr.Johanson

Óãó, ñïàñèáî, íóæíî ïî÷èòàòüñÿ áóäåò.

Ìîæíî åù¸ ïî÷èòàòü â ýòîé òåìå. Åñòü òàì õîðîøèå ïðèìåðû.
11-02-2011, 09:08
ryzhov_al

Quote:

Originally Posted by dr.Johanson

Åñòü 3 êîìïà, ïîäêëþ÷åíû ê ðîóòåðó.Íóæíî ÷òîáû íà îäèí êîìï èíòåðíåò áûë ïî âðåìåíè: íàïðèìåð ñ 15 00 äî 19 00 îí åñòü, à â îñòàëüíîå âðåìÿ îí îòñóòñòâóåò.

Â ïîèñêå ïî êëþ÷åâîìó ñëîâó "îãðàíè÷åíèå".

Quote:

Originally Posted by FilimoniC

cron+iptables âàì â ïîìîùü è ntp
È, äà, ñ äèò¸ì ëó÷øå òàê íå ïîñòóïàòü, ÈÌÕÎ.

òîëüêî âñòðîåííûé ñîôò, áåç cron'a:

Code:

iptables -I FORWARD 1 -m time --timestart 19:00:00 --timestop 15:00:00 --days Mon,Tue,Wed,Thu,Fri,Sun,Sat -m mac --mac-source õõ:õõ:õõ:õõ:õõ:õõ -o ppp0 -j DROP
13-02-2011, 10:12
wig

iptables -m time. Чота не желают работать 2 time правила в цеп&a

Делаю как обычно:
iptables -N CHILD
iptables -A CHILD -j DROP
iptables -I FORWARD 1 -m mac --mac-source xx:xx:xx:xx:xx:xx -j CHILD
iptables -I FORWARD 1 -m mac --mac-source yy:yy:yy:yy:yy:yy -j CHILD

# Включаем по времени
iptables -I CHILD 1 -m time --timestart 18:00:00 --timestop 22:00:00 --days Sun,Mon,Tue,Wed,Thu -j RETURN
iptables -I CHILD 1 -m time --timestart 14:00:00 --timestop 22:00:00 --days Fri,Sat -j RETURN

Не работает
iptables -L CHILD -v
0 0 RETURN all -- any any anywhere anywhere TIME from 18:00:00 to 22:00:00 on Sun,Mon,Tue,Wed,Thu
0 0 RETURN all -- any any anywhere anywhere TIME from 14:00:00 to 22:00:00 on Fri,Sat
14715 818K DROP all -- any any anywhere anywhere

Добавляю RETURN после time правил, чтобы проверить, что пакеты ходят нормально и все правила просматриваются

iptables -I CHILD 3 -j RETURN

Работает
iptables -L CHILD -v
0 0 RETURN all -- any any anywhere anywhere TIME from 18:00:00 to 22:00:00 on Sun,Mon,Tue,Wed,Thu
0 0 RETURN all -- any any anywhere anywhere TIME from 14:00:00 to 22:00:00 on Fri,Sat
670 12872 RETURN all -- any any anywhere anywhere
14821 819K DROP all -- any any anywhere anywhere

Оставляю только одно time правило и перегружаюсь
Работает.
iptables -L CHILD -v
972 18961 RETURN all -- any any anywhere anywhere TIME from 14:00:00 to 22:00:00 on Sun,Mon,Tue,Wed,Thu,Fri,Sat
5 145 DROP all -- any any anywhere anywhere

Вопрос: оно что, не понимает нескольких time правил в одной цепочке или я чего-то не догоняю?
Прошивка DIR320-1.9.2.7-d-r2394M.trx от 29.11.2010
Девайс DIR-320
08-06-2011, 15:21
a.ryzhikov

Îãðàíè÷åíèå äîñòóïà ïî âðåìåíè

ÿ íàñòðîèë WAN & LAN Filter òàê ÷òîáû â îïðåäåëåííîå âðåìÿ(ñ 10:00 äî 18:00) íå áûëî äîñòóïà êî âñåì ïîðòàì êðîìå 80/tcp(èíòåðíåò). Âñå ðàáîòàåò çàìå÷àòåëüíî çà îäíèì èñêëþ÷åíèå. êîãäà ïðèõîäèò âðåìÿ âñå âêëþ÷èòü ó ìåíÿ íàîáîðîò îòðóáàåòñÿ âñå âìåñòå ñ èíòåðíåòîì.
Â ÷åì ìîæåò áûòü ïðîáëåìà?

Ðîóòåð ASUS WL-500 gP V2, ïðîøèâêà WL500gpv2-1.9.2.7-d-r2624

LAN to WAN Filter:
Enable LAN to WAN Filter: yas
Date to Enable LAN to WAN Filter: Sun, Mon, Tue, Wed, Thu, Fri, Sat
Time of Day to Enable LAN to WAN Filter: 10:00 - 18:00
Packets(LAN to WAN) not specified will be: DROP
Filtered ICMP(LAN to WAN) packet types: Ïóñòî

LAN to WAN Filter Table
Source IP(ïóñòî), Port Range(ïóñòî), Destination IP(ïóñòî), Port Range 80, Protocol TCP

Â çàðàíåå ñïàñèáî!
11-06-2011, 23:12
VicSer

Çàìåòèë ìàëåíüêóþ îñîáåííîñòü. Ïîñëå îáíîâëåíèÿ â rt-n âåòêå iptables äî 1.4.3.2 (r2716 è âûøå) îïöèÿ "--days" áîëåå íå ðàáîòàåò. Â ïðàâèëàõ íàäî çàìåíèòü íà "--weekdays". :)
13-06-2011, 12:01
Shallow

Çàáëîêèðîâàòü âûõîä â ñåòü

Ñêàæèòå ïîæàëóéñòà, êàê çàáëîêèðîâàòü äîñòóï â èíòåðíåò ïî ÌÀÑ àäðåñó?
ò.å. ÷òî á â ëîêàëüíîé ñåòè ìîæíî áûëî, à â èíòåðíåò âûéòè íåëüçÿ...
Ðîóòåð - wl500gP v2 ñ ïîñëåäíåé ïðîøèâêîé îò Îëåãà.
Çàðàíåå ñïàñèáî.
13-06-2011, 13:04
akm2008

Âîò èíòåðåñíàÿ òåìà ïî÷èòàé Ñòàòèñòèêà è îãðàíè÷åíèå äîñòóïà ïî ip è mac
22-12-2011, 07:11
cez

Ñäâèã âðåìåíè â ðîóòåðå

Êîïàëñÿ â÷åðà â iptables íà ïðåäìåò óêðóòèòü èíòåðíåò äî÷åðè äî 2-õ ÷àñîâ â äåíü, è ñ èçóìëåíèåì âûÿñíèë, ÷òî â êëþ÷àõ --timestart --timestop íàøè ìîñêîâñêèå 00:00 ñîîòâåòñòâóþò ó íåãî 5:48 ñ êîïåéêàìè ýòèõ æå (!) ñóòîê.
Ïðèòîì ÷òî â WEB-ìîðäå âñå íîðìàëüíî, çà èñêëþ÷åíèåì ÷àñîâîãî ïîÿñà (ïðèøëîñü îòïðàâèòü â Àáó-Äàáè).
Âðåìÿ áåðåòñÿ ñ time.nist.gov

Â ïðèíöèïå íå êðèòè÷íî (íó íàïèøó ÿ íå 21:00 - 22:00, à 02:48 - 03:48),
íî èíòåðåñíî - ãäå ýòî âñå íàñòðàèâàåòñÿ.

P.S. ß ñòåêîëüùèê, à íå ïèíãâèíîâîä, ïîýòîìó ïîïîäðîáíåå

P.P.S. DIR-320
20-01-2012, 03:26
sev16

Quote:

Originally Posted by SerJJ

Ìåíÿ èíòåðåñóåò âîçìîæíîñòü ðåøèòü çàäà÷ó èñïîëüçóÿ âåáèíòåðôåñ ðîóòåðà. ïðîøèâêà ïîñëåäíÿÿ, Îëåãîâñêàÿ.

Ó ìåíÿ ïðîøèâêà îò ýíòóçèàñòîâ òàì åñòü âîçìîæíîñòü íàñòðîèòü firewall â web-ìîðäå (äóìàþ â îëåãîâñêîé òîæå ñàìîå åñòü íå ïîìíþ åæå äàâíî åå ñìåíèë) íî ïîäðîáíåå ñåé÷àñ ñêàçàòü íå ìîãó íåò ïîä ðóêîé ðîóòåðà. Âîçìîæíî ïîçæå.
04-05-2012, 08:19
forbius

Ïîëüçóþñü îäíîé èç ïîñëåäíèõ ïðîøèâîê îò Ýíòóçèàñòîâ, åñòü çàäà÷à çàïðåòèòü îòäíîìó èç áåñïðîâîäíûõ ïîëüçîâàòåëåé äîñòóï â èíåò â îïðåäåëåííîå âðåìÿ ñóòîê. Íàïðèìåð íî÷üþ. Êàêîé êîìàíäîé ýòî ìîæíî ñäåëàòü? âðåìåííàÿ áëîêèðîâêà ïî MACó?
29-06-2012, 20:50
PTZ-M

Â îäèí íå ïðåêðàñíûé äåíü íà÷àëüíèêà ïðèêàçàëà ïåðåêðûòü äåâóøêàì ñîöèàëêó ñ 9 äî 13 è ñ 14 äî 17, ïî÷åñàë ðåïó è ïîëåç â Internet Firewall - URL Filter. Íî òóò æäàë îáëîì - ñîçäàë ïðàâèëî äëÿ îòðåçêà âðåìåíè 9-13, à äëÿ 14-17 íàîòðåç îòêàçàëñÿ ýòî äåëàòü ìîòèâèðóÿ òåì, ÷òî çàïèñü ñ ïîäîáíûì àäðåñîì óæå åñòü :p Ïîøàìàíèâ è ïîìàòåðèâøèñü, ðåøèë ñäåëàòü âðó÷íóþ:

Code:

iptables -I FORWARD -p tcp -m time --timestart 09:00:00 --timestop 13:00:00 --weekdays Mon,Tue,Wed,Thu,Fri -m webstr --url vk.com -j DROP

Code:

iptables -I FORWARD -p tcp -m time --timestart 14:00:00 --timestop 17:00:00 --weekdays Mon,Tue,Wed,Thu,Fri -m webstr --url vk.com -j DROP

Ïðåêðàñíî îòðàáàòûâàÿñü â ïàìÿòè, íàñòðîéêè ðåøèë ñîõðàíèòü:

Code:

iptables-save > /usr/local/sbin/post-firewall

Code:

chmod +x /usr/local/sbin/post-firewall

Code:

flashfs save && flashfs commit && flashfs enable && reboot

Âîò òóò è âûëåç íåïîíÿòíûé êîñÿê - âûäàëî, ÷òî /usr/local/sbin/post-firewall íå ñóùåñòâóåò :confused:
Òåðü íå çíàþ ÷òî è äåëàòü, â îïåðàòèâêå ïðîâèñèò, äî ïåðâîãî æå ïèíêà, à êóäà òîãäà ñîõðàíÿòü äàæå íå ïðåäñòàâëÿþ :(
30-06-2012, 07:30
TReX

Quote:

Originally Posted by PTZ-M

Òåðü íå çíàþ ÷òî è äåëàòü, â îïåðàòèâêå ïðîâèñèò, äî ïåðâîãî æå ïèíêà, à êóäà òîãäà ñîõðàíÿòü äàæå íå ïðåäñòàâëÿþ :(

Code:

mkdir -p /usr/local/sbin/ echo "#!/bin/sh" >> /usr/local/sbin/post-boot cp /usr/local/sbin/post-boot /usr/local/sbin/post-firewall cp /usr/local/sbin/post-boot /usr/local/sbin/post-mount cp /usr/local/sbin/post-boot /usr/local/sbin/pre-shutdown chmod +x /usr/local/sbin/p* flashfs save flashfs commit flashfs enable

Ìîæíî íàïðèìåð òàê, åñëè ÷òî )
30-06-2012, 11:16
_And_

èëè òàê )))

>> /usr/local/sbin/post-firewall && chmod 755 /usr/local/sbin/post-firewall

flashfs save && flashfs commit && flashfs enable
30-06-2012, 11:19
MercuryV

Quote:

Originally Posted by TReX

Code:

mkdir -p /usr/local/sbin/ echo "#!/bin/sh" >> /usr/local/sbin/post-boot cp /usr/local/sbin/post-boot /usr/local/sbin/post-firewall cp /usr/local/sbin/post-boot /usr/local/sbin/post-mount ...

Ìîæíî íàïðèìåð òàê, åñëè ÷òî )

TReX, çà÷åì æå òàê ñóðîâî ñîâåòîâàòü, à åñëè óæå áûë, ê ïðèìåðó, ôàéë post-mount ??? çàòðåòñÿ æå
äåëüíûì ñîâåòîì ÿâëÿåòñÿ ïåðâàÿ ñòðî÷êà

Code:

mkdir -p /usr/local/sbin/

âîçìîæíî ôàéë post-firewall íå ñîçäàëñÿ êàê ðàç èç-çà îòñóòñòâèÿ êàòàëîãà.

Show 40 post(s) from this thread on one page