View from the Trenches: Virtual Curfews

Pulling together the pieces to meet real-world customer requests, and the value of learning from our mistakes.


Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

Re: View from the Trenches: Virtual Curfews

Anonymous's picture

Ipchains is far too old soon even to mention. Sorry, but I just had to say this. You must be more a writer than a sysadmin :)
Having had to learn both ipchains and iptables I can only say this - forget the older and learn only the newer. It's WAY better.
Oh and btw, if you had checked the iptables howto at, you'd know that there exists a mac target for the iptables. Hence - no need to hack around the DHCP on a two-pc-lan. Of course if you insist on being so orderly..
Of course, being so orderly.. you would probably like to use a side-chain for all the traffic from the little girl's pc, in case there would be more than one rule in the future.

Re: View from the Trenches: Virtual Curfews

Anonymous's picture

I think fcron would be able to handle the potential problem of the machine being down when a command was scheduled to be run:

"Fcron also includes a useful system of options, which can be applied either to every lines following the declaration or to a single line. Some of the supported options permit to:

* run jobs one by one,
* set the max system load average value under which the job should be run,
* set a nice value for a job,
* run jobs at fcron's startup if they should have been run during system down time,
* mail user to tell him a job has not run and why,
* a better management of the mailing of outputs ... "

Re: View from the Trenches: Virtual Curfews

Anonymous's picture

For people looking for this type of functionality, I recommend Censornet.

You can limit internet time by user or workstation. It has a nice GUI for administration and reports. There is a fairly active forum of users (and support techs).

It's GPL and free for download. They do take donations (I was glad to do this) so you can say, "How much was it worth to me to get a really nice customized Debian distro that does exactly what I was looking for...".

Hope this helps.

Re: View from the Trenches: Virtual Curfews

synthetoonz's picture

I did something similar, but hadn't thought of reconfiguring the network to do it.

Our rules were more simple -- the adults in the house have to go to work, so they need an appropriate amount of sleep. Therefore, the loud and badly behaved teenager in the house had to be forcibly prevented from playing SOCOM Online (an endeavor he insists must be done every waking moment) at unrealistic times of the night (or morning.)

So, I wrote a perl script that runs on the system acting as the firewall/dsl router.
cron runs the script every five minutes.
A list of up and down times is kept in the script.
If the current time is a down time, then the script refers to the list of the adult's computers in the house.
If any of the adult's computers respond to ping, then the script ends.
If none of the adult's computers are up, then the script shuts down the system. Totally.

Why waste electricity on something that isn't being used?

I was soooooo pleased with myself the first time it worked ;-)

(Oh, yes, and all the adult's computers require a password in order to boot.)

Re: View from the Trenches: Virtual Curfews

Anonymous's picture

Excellent article. This might be something that would integrate well into a "family firewall" product and be handled by a web interface easily. I'm sure I could find some people who would adopt such a product for a small one-time price. My parents would have loved to have had this too. :-)

I enjoyed how you insightfully drew out some real world consulting experience in addition to the fun technical perspective. Great mix of the two that I appreciated.