Îãðàíè÷åíèå äîñòóïà ê èíòåðíåòó ïî ðàñïèñàíèþ

Quote:

---

Originally Posted by bbsc

Êðîìå òîãî, èìååòñÿ íåñêîëüêî ñêðèïòîâ ñ íàçâàíèÿìè ON, OFF è OFFF äëÿ îïåðàòèâíîãî âêëþ÷åíèÿ, îãðàíè÷åíèÿ è ïîëíîãî âûêëþ÷åíèÿ èíòåðíåòà óäàëåííî (íàïðèìåð, ñ òåëåôîíà :)).

---

À ìîæíî ïî ïîäðîáíåå, óæ î÷åíü èíòåðåñíî, ïðîáëåìà: êàê ïðîãíàòü ðåáåíêà îò êîìïà.;)

åñëè ìîæíî ñî ñêðèïòàìè è êóäà, è êàê çàïóñòèòü.

AlekseyA, íåò ïðîáëåì :)

Ñêðèïò ON:

Code:

---

#!/bin/sh

iptables -F CHILD
iptables -A CHILD -j RETURN

iptables -L CHILD && echo -e "Ðåáåíîê ÂÊëþ÷åí\n"

---

Ñêðèïò OFF:

Code:

---

#!/bin/sh

iptables -F CHILD
iptables -A CHILD -j DROP

### Âî âðåìÿ äåéñòâèÿ ëåòíåãî âðåìåíè ñðàáàòûâàåò íà 1 ÷àñ ïîçæå:
iptables -I CHILD 1 -m time --timestart 18:00:00 --timestop 21:00:00 --days Sun,Mon,Tue,Wed,Thu,Fri,Sat -j RETURN

echo
iptables -L CHILD && echo -e "Ðåáåíîê ÂÊëþ÷åí ïî âðåìåíè\n"

---

Ñêðèïò OFFF

Code:

---

#!/bin/sh

iptables -F CHILD
iptables -A CHILD -j DROP

echo
iptables -L CHILD && echo -e "Ðåáåíîê ÂÛêëþ÷åí ÑÎÂÑÅÌ\n"

---

Ôàéëû ON, OFF, OFFF ëåæàò â /opt/bin è, åñòåñòâåííî, ñäåëàíû èñïîëíÿåìûìè.
Ñöåíàðèé: ðåáåíîê çâîíèò, ãîâîðèò, ÷òî ñäåëàë óðîêè è ïðîñèò âêëþ÷èòü èíåò.
Ïàïà çàïóñêàåò Putty íà òåëåôîíå, íàáèðàåò ON è ðåáåíîê âêëþ÷åí.
Îñòàëüíîå - àíàëîãè÷íî.

P.S. Åñòåñòâåííî, äëÿ ðàáîòû ñêðèïòîâ â post-firewall íóæíî âêëþ÷èòü òîò êóñîê, ÷òî ÿ ïðèâîäèë âûøå.

Ñóïåðñêîå ðåøåíèå, ñåé÷àñ ðàñïëà÷óñü îò ñ÷àñòüÿ!
Îäíî ÍÎ - äåòèøêîô ó ìåíÿ äâîå, ó êàæäîãî ñâîé êîìï. Ïðàâèëî îäíî íà îáîèõ - 23:00 - îòáîé è íèêàêèõ ãâîçäåé. Êóäà â âûøåïðèâåäåííîì ñêðèïòå ÌÀÑ àäðåñ âòîðîãî îòïðûñêà âîòêíóòü?

Antoon, ýòî âðîäå î÷åâèäíî.
 âûøåïðèâåäåííîì êóñêå post-firewall èùèòå ñòðî÷êó, ãäå óêàçàí MAC.
Ïîä íåé äîïèñûâàåòå òàêóþ æå, íî ñ MAC-îì âòîðîãî ÷àäà.

ß ñäåëàë òàê:
Ñîçäàë äâà ôàéëà.
Ïåðâûé ipoff ñëåäóþùåãî ñîäåðæàíèÿ:

Code:

---

#!/bin/sh                                                                                                                                 
iptables -I FORWARD -s 192.168.xx.xx -j DROP

---

ãäå : 192.168.xx.xx - êîìïüþòåð äîñòóï ê êîòîðîìó ñëåäóåò çàêðûòü.
È âòîðîé ipon:

Code:

---

#!/bin/sh                                                                                                                                 
iptables -D FORWARD -s 192.168.xx.xx -j DROP

---

Ñäåëàë èõ èñïîëíÿåìûìè.
Ïîìåñòèë èõ â /opt/local/bin.
 /opt/local ðàñïîëîãàþòñÿ ïðîãðàììû ïîñòàâëåííûå âðó÷íóþ.
È çàäàë çàäàíèÿ â êðîí:

Code:

---

  00  14  *  *  1-5    ipoff
  00  18  *  *  1-5    ipon

---

Äîñòóï çàêðûò ñ 14 äî 18 êàæäûé äåíü , êðîìå ñóááîòû è âîñêðåñåíüÿ.
Âñå.

tin, ýòî âñ¸ î÷åâèäíî, íî íåýôôåêòèâíî.
Äåòêè óìíûå ïîøëè - áûâàåò, ÷òî ïèòàíèå ðîóòåðà ïåðåäåðíóòü ìîãóò.  Âàøåì ñëó÷àå ïåðåäåðãèâàíèå ïèòàíèÿ ñ 14 äî 18 ïðèâåäåò ê òîìó, ÷òî èíòåðíåò ïîÿâèòñÿ äî 14 ñëåäóþùåãî äíÿ.
Èëè ôëåøêó ìîãóò âûäåðíóòü :)
Äà è IP âðó÷íóþ ïîñòàâèòü - íåò ïðîáëåì.

Quote:

---

Originally Posted by bbsc

tin, ýòî âñ¸ î÷åâèäíî, íî íåýôôåêòèâíî.
Äåòêè óìíûå ïîøëè - áûâàåò, ÷òî ïèòàíèå ðîóòåðà ïåðåäåðíóòü ìîãóò.  Âàøåì ñëó÷àå ïåðåäåðãèâàíèå ïèòàíèÿ ñ 14 äî 18 ïðèâåäåò ê òîìó, ÷òî èíòåðíåò ïîÿâèòñÿ äî 14 ñëåäóþùåãî äíÿ.
Èëè ôëåøêó ìîãóò âûäåðíóòü :)
Äà è IP âðó÷íóþ ïîñòàâèòü - íåò ïðîáëåì.

---

Ýòî ïîíÿòíî.
 ìîåì ñëó÷àå äàííîå ðåøåíèå ðàáîòàåò , è ïîëíîñòüþ ìåíÿ óäîâëåòâîðÿåò.
Êðîìå òîãî çäåñü óæå äåëî íå êàêîé-òî æåëåçêå, à íàâåðíîå óæå â äåòÿõ è â èõ âîñïèòàíèè.

Quote:

---

Originally Posted by bbsc

tin, ýòî âñ¸ î÷åâèäíî, íî íåýôôåêòèâíî.
Äåòêè óìíûå ïîøëè - áûâàåò, ÷òî ïèòàíèå ðîóòåðà ïåðåäåðíóòü ìîãóò.  Âàøåì ñëó÷àå ïåðåäåðãèâàíèå ïèòàíèÿ ñ 14 äî 18 ïðèâåäåò ê òîìó, ÷òî èíòåðíåò ïîÿâèòñÿ äî 14 ñëåäóþùåãî äíÿ.
Èëè ôëåøêó ìîãóò âûäåðíóòü :)
Äà è IP âðó÷íóþ ïîñòàâèòü - íåò ïðîáëåì.

---

) bbsc ïðàâ, ïîëíîöåííàÿ çàùèòà îò èíñàéäåðîâ â ïðèíöèïå íåâîçìîæíà, ìîæíî æå è âîîáùå íàïðÿìóþ â êîìïüþòåð âêëþ÷èòñÿ, òàê ÷òî òóò óæå ñêîðåå âîïðîñ âîñïèòàíèÿ

Ñìåíà IP íàïðèìåð ðåøàåòñÿ ïðîñòî, ïðèâÿçûâàåì MAC ê IP, äàæå åñëè ñìåíèòü IP, ðîóòåð áóäåò âñå ñëàòü íà òîò MAC ÷òî ó íåãî ïðèïèñàí, äà è ñêðèïò ìîæíî ïèõíóòü â àâòîçàãðóçêó è ñäåëàòü ýôôåêòèâíóþ ïðîâåðêó óñëîâèé, âîò òîëüêî ïðîáëåìó âîñïèòàíèÿ ýòî âðÿä ëè ðåøèò :)

TReX, tin , íå î÷åíü ïîíèìàþ, ê ÷åìó âåñü ýòîò ôëóä íàñ÷åò âîñïèòàíèÿ.
Áûë áû ïîðÿäîê ñ âîñïèòàíèåì - iptables -m time íàì âñåì áû íå ïîíàäîáèëñÿ.
À òàê...
Âàðèàíò ñ iptables -m time èñêëþ÷àåò äîñòóï ê èíåòó áåç êàðòî÷êè äîñòóïà è áåç ðàçðóøàþùèõ äåéñòâèé ñ ïàïèíîé æåëåçêîé.
Âàðèàíò ñ crontab ïîçâîëÿåò åãî ëåãêî îáîéòè è ñ÷èòàòü ïàïó ëîïóõîì.

P.S. Â ïðèíöèïå, âàðèàíò ñ iptables -m time òîæå ìîæíî îáîéòè.
Íî äëÿ ýòîãî íóæíî ñäåëàòü ðÿä íåî÷åâèäíûõ äåéñòâèé.
Íàïðèìåð, ïî÷èòàòü ïðî MAC-àäðåñà, êàê èõ ìåíÿòü, âû÷èñëèòü MAC, íàïðèìåð, ìàìèíîãî èëè ïàïèíîãî òåëåôîíà è ïîëó÷èòü äîñòóï.
Ïîïóòíî ïðèäåòñÿ "âçÿòü" ëîêàëüíîãî àäìèíà ó ñåáÿ íà êîìïå.
Òàê âîò, åñëè ìîÿ äî÷êà ýòî âñ¸ ñìîæåò ñäåëàòü, òî ÿ áóäó òîëüêî ðàä è âêëþ÷ó åé èíòåðíåò íàâñåãäà.

Quote:

---

Originally Posted by al37919

ïðè óñëîâèè, ÷òî ó ýòîãî ñåðâèñà ðåàëüíî âûäåëèòü åäèíè÷íûé ip àäðåñ (èëè õîòÿ áû äèàïàçîí àäðåñîâ). Íàïðèìåð äëÿ mail.ru :

PHP Code:

---

iptables -A FORWARD -s 192.168.1.6 -d 194.67.57.0/24 -j DROP 


---

ñìîòðåòü àäðåñà:

PHP Code:

---

nslookup mail.ru 


---

---

À ÷òîáû çàïðåòèòü äîñòóï èç âñåé ëîêàëêè, íàäî çàïèñàòü òàê:

Code:

---

iptables -A FORWARD -s 192.168.1.0/24 -d 194.67.57.0/24 -j DROP

---

Quote:

---

Originally Posted by bbsc

Antoon, ýòî âðîäå î÷åâèäíî.
 âûøåïðèâåäåííîì êóñêå post-firewall èùèòå ñòðî÷êó, ãäå óêàçàí MAC.
Ïîä íåé äîïèñûâàåòå òàêóþ æå, íî ñ MAC-îì âòîðîãî ÷àäà.

---

Õì, ñäåëàë ïî âàøåìó ðåöåïòó, èíòåðíåò ó äåòåé ïðîïàë. Òî åñòü, àáñîëþòíî. Ñóòêè ïîäîæäàë - íå âêëþ÷èëñÿ. Çíà÷åíèÿ --timestart 07:00:00, --timestop 00:00:00
Ïîêà çàêîììåíòèðîâàë. ×òî ìîæåò áûòü íå òàê?

Antoon, ñòðàííî, à ÷òî èìåííî Âû äåëàëè?
È êàêàÿ âåðñèÿ ïðîøèâêè ðîóòåðà?

Quote:

---

Originally Posted by bbsc

Antoon, ñòðàííî, à ÷òî èìåííî Âû äåëàëè?
È êàêàÿ âåðñèÿ ïðîøèâêè ðîóòåðà?

---

Äåëàë âñå ïî èíñòðóêöèè "ñ íóëÿ", ïðîøèâêà 1.9.2.7-d-r1222

Antoon, ïîêàæèòå:
1. cat /tmp/local/sbin/post-firewall
2. iptables -L FORWARD
3. iptables -L CHILD

Quote:

---

Originally Posted by bbsc

Antoon, ïîêàæèòå:
1. cat /tmp/local/sbin/post-firewall

---

#!/bin/sh
iptables -t nat -nvL POSTROUTING | grep MASQUERADE | awk '{
"ifconfig "$7" | grep Mask" | getline ip;
split(ip,ip,":"); split(ip[2],ip," ");
split($8,src,"!");
if (src[1]=="") {src="! -s "src[2]} else {src="-s "src[1]};
if ($9=="0.0.0.0/0") {dst=""} else {dst="-d "$9};
system("iptables -t nat -A POSTROUTING -o "$7" "src" "dst" -j SNAT --to-source "ip[1]);
system("iptables -t nat -D POSTROUTING -o "$7" "src" "dst" -j MASQUERADE");
}'
iptables -N CHILD
iptables -A CHILD -j DROP
iptables -I FORWARD 1 -m mac --mac-source 00:17:9a:02:a2:a1 -o ppp0 -j CHILD
iptables -I FORWARD 1 -m mac --mac-source 00:13:02:ae:d7:02 -o ppp0 -j CHILD

## Âêëþ÷àåì ðåáåíêó èíòåðíåò ïî âðåìåíè
iptables -I CHILD 1 -m time --timestart 07:00:00 --timestop 00:00:00 --days Sun,Mon,Tue,Wed,Thu,Fri,Sat -j RETURN

Quote:

---

Originally Posted by bbsc

2. iptables -L FORWARD

---

Chain FORWARD (policy ACCEPT)
target prot opt source destination
CHILD all -- anywhere anywhere MAC 00:13:02:AE:D7:02
CHILD all -- anywhere anywhere MAC 00:17:9A:02:A2:A1
DROP tcp -- anywhere anywhere webstr: url *
ACCEPT all -- anywhere anywhere
DROP all -- anywhere anywhere state INVALID
TCPMSS tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN TCPMSS clamp to PMTU
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
DROP all -- anywhere anywhere
DROP all -- anywhere anywhere
SECURITY all -- anywhere anywhere state NEW
ACCEPT all -- anywhere anywhere ctstate DNAT
DROP all -- anywhere anywhere

Quote:

---

Originally Posted by bbsc

3. iptables -L CHILD

---

Chain CHILD (2 references)
target prot opt source destination
RETURN all -- anywhere anywhere TIME from 07:00:00 to 00:00:00 on Sun,Mon,Tue,Wed,Thu,Fri,Sat
DROP all -- anywhere anywhere