Prevent kid's network access


Guest rhauff
I am using Mandrake 10.0 and have Shorewall running. My kids have a user set up for games and misc. and I would like to prevent them from accessing the network (Internet specifically) except when I am with them and enter a password.

 

Is this possible? It has been suggested that I use iptables, which looks difficult. It seems to me this should be a common situation, but maybe not.

 

Thanks!

You can make your modem/ethernet card accessible to only a group of users, and create a group called "internet". Make yourself a member of that group thru MCC (UserDrake).

 

Then, use chmod to make /dev/eth0 (or ppp0, whichever you use for the internet) owner and group-accessible only (which probably might be rw-rw----). You have to include root as a member of that group too.

 

Now this might be quite complicated... I haven't tested this either, so simpler solutions are welcome. Anyone?

 

NB. The device permissions would disappear after a reboot, so you have to run chmod again. You can set it to run at every boot using the init scripts.

 

btw, welcome to the board!

Thanks for the welcome and the reply! Your solution sounds nicer and more straightforward than using "iptables". I think I'll hang on a bit and see if there are any other ideas out there.

 

Do any firewall products have something like this built in?

I have another solution... :D using iptables...

 

just type (as root)

 iptables -A INPUT -i eth0 -p tcp -j DROP

 

this will disable all internet surfing, IM, and anything else that uses a tcp connection. If you use dial-up or ADSL, change 'eth0' to 'ppp0'.

 

You have to make sure this command always runs at startup, but ONLY for your kid's account, otherwise you'll lock yourself out of the internet as well. If that accidentally happens, type "iptables -F" and your netfilter stack will be flushed (down the toilet).

Edited by arthur
You could try adding something to the login script /etc/profile (or /etc/bash_profile or .... depending on distro) that checks for user id and then runs the iptables command (that is if the profile is run as root). Otherwise you might need to take a look at sudo to enable the command to run.

I never used it, but I think you can do this with shorewall:

 

http://shorewall.net/UserSets.html

 

This comes from the documentation-section on http://shorewall.net .

 

Hope this helps,

 

Michel.

 

P.S: I don't think it's needed/a good idea, to give someone direct access to the network device. Why? I suppose that person can look at all the traffic then and if he has write-permission, also write to it directly. Maybe this isn't so bad, but is it good? I think Mandrake has lids-support compiled in by default, maybe you can use that, but I think that shorewall will be easier.

Edited by Michel
  • 2 weeks later...
Guest shaneomac

Maybe I'm crazy, but I think the best thing to do would be tell mdk not to start eth0 on boot up. Then just start it up when you need it and turn it off when you're done. To tell it not to start on boot, go to mdk control center, Network & Internet, manage connections, options, uncheck "start at boot." You can start it under "monitor connections" in mdk, or in command line, /sbin/service network start should do it, you need to be su to do either one of these.

I like arthur's option with iptables, here's a way to make it really simple to work with :D

 

open a command line, su to root, and then add this line to the end of /etc/rc.local

iptables -A INPUT -i eth0 -p tcp -j DROP

 

That will block the internet off on boot.

 

Now within your desktop, create an icon and assign it the command

kdesu iptables -F

Upon clicking this icon, it will request a password, and then unblock the internet.

 

Good luck, have fun there,

iphitus
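
An added example, not written by any poster in this thread: the per-user variant of the iptables approach, using the `owner` match on the OUTPUT chain so only one account's traffic is rejected and the unblock step removes only that rule instead of flushing the whole ruleset. The account name `kids` and the chain name `KIDS_BLOCK` are assumptions.

```shell
#!/bin/sh
# Added example: block one account's outbound traffic with the iptables
# "owner" match. Account "kids" and chain KIDS_BLOCK are assumptions.
# Commands are only printed unless APPLY=1 is set (run as root to apply).

CHAIN="KIDS_BLOCK"   # hypothetical chain name

run() {
    # Print the command; execute it only when APPLY=1.
    echo "$*"
    if [ "${APPLY:-0}" = "1" ]; then "$@"; fi
}

check_uid() {
    case "$1" in
        ''|*[!0-9]*) echo "UID must be numeric" >&2; return 1 ;;
    esac
    if [ "$1" -eq 0 ]; then echo "refusing to block root" >&2; return 1; fi
}

block_user() {
    check_uid "$1" || return 1
    run iptables -N "$CHAIN"
    # Leave loopback alone so local desktop services keep working.
    run iptables -A "$CHAIN" -o lo -j RETURN
    run iptables -A "$CHAIN" -j REJECT
    # Only packets from sockets owned by this UID enter the chain.
    run iptables -I OUTPUT -m owner --uid-owner "$1" -j "$CHAIN"
}

unblock_user() {
    check_uid "$1" || return 1
    # Remove just this rule and chain; other firewall rules stay in place.
    run iptables -D OUTPUT -m owner --uid-owner "$1" -j "$CHAIN"
    run iptables -F "$CHAIN"
    run iptables -X "$CHAIN"
}

case "${1:-}" in
    block)   block_user   "$(id -u "${2:-kids}")" ;;
    unblock) unblock_user "$(id -u "${2:-kids}")" ;;
esac
```

Run `unblock` before calling `block` a second time, otherwise the rules are added twice. Shorewall rebuilds the ruleset when it restarts, so the block has to be re-applied afterwards.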
