Hellow Everyone! Any one who can help me on how to configure my shorewell firewall in a two interface Card (eth0 and eth1) So that i can be able to allow internet access only during none office hours like early in the morning ,lunch time and evenings. (ie Time Based Configuration for internet access via firewall.) Regards, eliudkat ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net''s Techsay panel and you''ll get the chance to share your opinions on IT & business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
eliud Kataraihya wrote:> Any one who can help me on how to configure my shorewell firewall in a two > interface Card (eth0 and eth1) So that i can be able to allow internet > access only during none office hours like early in the morning ,lunch time > and evenings. > > (ie Time Based Configuration for internet access via firewall.)Shorewall supports: - Multiple configurations (http://www1.shorewall.net/configuration_file_basics.htm#Levels) - Multiple saved configurations (http://www1.shorewall.net/starting_and_stopping_shorewall.htm#Saved) And the ''cron'' utility allows commands to be run at a particular time each day. Given these facts, the answer should be obvious... -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net''s Techsay panel and you''ll get the chance to share your opinions on IT & business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
On Mon, Dec 25, 2006 at 08:37:04PM -0800, Tom Eastep wrote:> > eliud Kataraihya wrote: > > > Any one who can help me on how to configure my shorewell firewall in a two > > interface Card (eth0 and eth1) So that i can be able to allow internet > > access only during none office hours like early in the morning ,lunch time > > and evenings. > > > > (ie Time Based Configuration for internet access via firewall.) > > Shorewall supports: > > - Multiple configurations > (http://www1.shorewall.net/configuration_file_basics.htm#Levels) > - Multiple saved configurations > (http://www1.shorewall.net/starting_and_stopping_shorewall.htm#Saved) > > And the ''cron'' utility allows commands to be run at a particular time each > day. Given these facts, the answer should be obvious...Or for a different approach (under the assumption that when you said "internet access" you actually meant "web access"), run squid, configure shorewall so that access to the web is only possible via squid, and configure squid with time-based acls. Offhand, I don''t see any particular advantages of either approach over the other for the stated problem. Squid''s acls are capable of a lot more in general though, if you ever wanted to define more complex access rules. ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net''s Techsay panel and you''ll get the chance to share your opinions on IT & business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
On Tue, 2006-12-26 at 06:56 +0000, Andrew Suffield wrote:> On Mon, Dec 25, 2006 at 08:37:04PM -0800, Tom Eastep wrote: > > > > eliud Kataraihya wrote: > > > > > Any one who can help me on how to configure my shorewell firewall in a two > > > interface Card (eth0 and eth1) So that i can be able to allow internet > > > access only during none office hours like early in the morning ,lunch time > > > and evenings. > > > > > > (ie Time Based Configuration for internet access via firewall.) > > > > Shorewall supports: > > > > - Multiple configurations > > (http://www1.shorewall.net/configuration_file_basics.htm#Levels) > > - Multiple saved configurations > > (http://www1.shorewall.net/starting_and_stopping_shorewall.htm#Saved) > > > > And the ''cron'' utility allows commands to be run at a particular time each > > day. Given these facts, the answer should be obvious... > > Or for a different approach (under the assumption that when you said > "internet access" you actually meant "web access"), run squid, > configure shorewall so that access to the web is only possible via > squid, and configure squid with time-based acls. > > Offhand, I don''t see any particular advantages of either approach over > the other for the stated problem. Squid''s acls are capable of a lot > more in general though, if you ever wanted to define more complex > access rules. > > ------------------------------------------------------------------------- > Take Surveys. Earn Cash. Influence the Future of IT > Join SourceForge.net''s Techsay panel and you''ll get the chance to share your > opinions on IT & business topics through brief surveys - and earn cash > http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/shorewall-users >Also you can do with bandwidth management software (eq. htb, etc) Put your script in cron.d should be work fine ------------------------------------------------------ Wratmoko Hadi HSW GSM : +62.8157115488 CDMA : +62.22.91175530 E-Mail : wra_eng@bdg.pacific.net.id System & Network Dev Pacific Telematika Indonesia Phone : +62.22.7308600 Fax : +62.22.7308601 Bandung - Indonesia http://www.bdg.pacific.net.id ------------------------------------------------------ Tue Dec 26 14:01:50 WIT 2006 Linux 2.6.17-1.2142_FC4 GNU/Linux Linux Counter #361972 KPLI #022-200011-495 ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net''s Techsay panel and you''ll get the chance to share your opinions on IT & business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV