[Firehol-support] limiting internet to certain periods of time

Spike spike at drba.org
Sun Feb 12 15:06:51 GMT 2017


Hello Costa,

I'm doing just that and it looks great, thanks. And thank you for mentioning
the blacklist helper, very useful, especially for its stateless
capabilities. I have a question about it: the gw/fw is also providing dhcp
for the lan. During those given times I want hosts not to go online, but I
still need them to be able to use dhcp etc. Can the blacklist be applied
somehow to the outgoing/internet facing interface? I saw there is an inface
attribute, but no outface one, but maybe it doesn't matter and I can just
use inface on the outgoing ones?

thanks,

Spike

On Fri, Feb 10, 2017 at 10:43 AM Tsaousis, Costa <costa at tsaousis.gr> wrote:

> Hi Spike,
>
> You can use ipsets in firehol.conf and run cron jobs to add/remove IPs to
> the already configured ipsets.
> This works perfectly and does not need a restart of your firewall.
>
> Some special attention has to be given to established connections.
> If you want even the established connections to be dropped, I suggest
> using blacklists, which will examine all the traffic.
>
> The wiki and manual have information about both.
>
> Costa
>
>
> On Fri, Feb 10, 2017 at 7:34 PM, Spike <spike at drba.org> wrote:
>
> Dear all,
>
> I need to restrict internet for certain clients based on time ranges. So
> for example ip a.b.c.d should only be able to reach the internet between 5
> and 6pm, while x.y.w.z only between 1-2pm.
>
> Before using firehol, I was accomplishing this by defining a custom chain
> "timelimited" in the INPUT chain that would drop all traffic for the ips it
> contained. I would then have cron firing off at various intervals adding
> and removing ips from "timelimited".
>
> What's the recommended way to implement this with firehol? I looked to see
> if there was any utility for time based rules, but didn't find one.
>
> thanks,
>
> Spike
>
> _______________________________________________
> Firehol-support mailing list
> Firehol-support at lists.firehol.org
> http://lists.firehol.org/mailman/listinfo/firehol-support
>
>
>
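An added example, not part of the thread and not FireHOL's own code: a reconciling variant of the cron-plus-ipset approach described above, which recomputes each host's desired state on every run instead of relying on paired add/remove jobs, so a missed job or a reboot corrects itself. The set name `timelimited`, the schedule rows and the addresses are assumptions constructed for illustration.

```shell
#!/bin/sh
# Reconcile a "blocked hosts" ipset against per-host allowed time windows.
# Assumptions (not from the thread): the firewall blocks members of an ipset
# named "timelimited"; the schedule rows and addresses below are constructed.
SET_NAME="timelimited"

# ip  allowed-from  allowed-until   (two-digit HH:MM, 24h, same day)
SCHEDULE="192.0.2.10 17:00 18:00
192.0.2.20 13:00 14:00"

# Convert two-digit HH:MM to minutes since midnight (strip one leading zero
# so values such as 08 are not parsed as octal).
to_minutes() {
    h=${1%%:*}; m=${1##*:}
    echo $(( ${h#0} * 60 + ${m#0} ))
}

# Print "del" when now is inside [start, end), meaning the host is allowed
# online and must not be in the block set; print "add" otherwise.
action_for() {  # start end now (all in minutes)
    if [ "$3" -ge "$1" ] && [ "$3" -lt "$2" ]; then echo del; else echo add; fi
}

# Emit one idempotent ipset command per scheduled host for time $1 (HH:MM).
# -exist makes re-adding a member or deleting a non-member a no-op.
plan() {
    now=$(to_minutes "$1")
    echo "$SCHEDULE" | while read -r ip start end; do
        [ -n "$ip" ] || continue
        act=$(action_for "$(to_minutes "$start")" "$(to_minutes "$end")" "$now")
        echo "ipset -exist $act $SET_NAME $ip"
    done
}

# Dry run by default: print the commands for the given or current time.
# With APPLY=1 (as root, from cron) the commands are executed.
if [ "${APPLY:-0}" = 1 ]; then
    plan "$(date +%H:%M)" | sh
else
    plan "${1:-$(date +%H:%M)}"
fi
```

Run it from cron every minute with `APPLY=1`. As noted in the reply above, connections that are already established are only cut off if the set is enforced by a rule that examines all traffic.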

