On Saturday, September 24, Kiraly Zoltan wrote:
> I want to build a home network using OpenBSD as gateway. A child in
> network have a computer, and like to surf the Internet. I want to drop
> her Internet connection at night (11:00AM) because the child don't go to
> sleep.
>
> I don't want to unplug the network cable, i need to do this job with
> OpenBSD.
>
> Exist a proxy server or solution which limit the Internet connection
> using time? An example: Drop internet connection at 11:AM night and
> allow Internet at 6:00 AM morning.
>
Straight from my home firewall, with exactly the same problem, and as
a parent, interestingly, my times are exactly the same as yours. My
kids have a dual boot windows/OpenBSD box which is their only net
access. They can use windows for schoolwork or games and stuff, but
access other then web they have to use OpenBSD (enforced by pf.os on
the firewall) - My daughter manages fine using MSN chat with GAIM,
mail with tbird and the usual culprit of bloated packages to do
ms/word goo, etc. (This has always been the case, even before the time
limit here)
The net stopping at 11 was finally resorted to about 6 months ago
after runescape (with my son, 12) and MSN chat (with my daughter, 14)
would go till 3 am if left unchecked. They both got a couple of
warnings about get off the chat garbage at night so they'd get up in
the morning and be human, and when that didn't happen this did. They
complained a bunch at first but now get it. and I'm able to get them
out of bed in the morning. They're also "having a life" again, i.e.
biking, playing clarinet, seeing friends in meatspace instead of
sitting in front of a chat window all day. (I actually blame
society for not letting my kids drink beer with their friends - that
should be the proper way to get someone off chat/icb ;)
FWIW, I'll probably remove the time limit sometime next month after
they're back in the rythm of school again, and see how well they
police themselves, now that they are sure of the consequences if they
don't.
-Bob
(root's crontab)
--------------
# it's night time. the kitchen PC doesn't need to go all night
0 23 * * * /usr/local/libexec/pf.night
# it's wakey time. make the kitchen PC work to the net again.
0 6 * * * /usr/local/libexec/pf.day
(pf.day script - 20.89 is the kid computer.)
-----------
#!/bin/sh
rm /etc/pf.conf
ln -s /etc/pf.conf.night /etc/pf.conf
pfctl -f /etc/pf.conf
pfctl -k 192.168.20.89 > /dev/null 2>&1
(pf.night script)
----------------
#!/bin/sh
rm /etc/pf.conf
ln -s /etc/pf.conf.day /etc/pf.conf
pfctl -f /etc/pf.conf
relevant pieces from pf.conf.day/night
------------------------
# the line below is in pf.conf.night and not in pf.conf.day
block in quick on $int_if inet from 192.168.20.89 to any
...
# Training wheels for windows boxes. Stomp anything other than
# web ftp and ssh. If they need more they should run something else.
block in log on { $int_if, $wi_if } proto tcp from any os Windows to any
# pass other stuff kids have to boot OpenBSD for anything not
# web or ssh, because I'm sick of windows bullshit.
