From: Giorgos Keramidas
To: Atom Powers
Cc: Bryan Curl, freebsd-questions
Date: Wed, 3 May 2006 17:09:41 +0300
Subject: Re: ipfirewall tricks
Message-ID: <20060503140941.GD58624@gothmog.pc>

On 2006-05-02 20:41, Atom Powers wrote:
>On 5/2/06, Bryan Curl wrote:
>>I want to limit time my kids spend on the internet.
>>The way I am doing it is to make varying, separate ipf.rules files and
>>install them from cron at the appropriate time.
>>Problem is, if I make a change to one file, I generally have to update all
>>the others accordingly.
>>
>>Is there a better way? I have read man ipf but didn't come out with any
>>ideas.
>
> I would use pf and have something like this:
>
> pf.conf
> ----
> block out all from <kids> to any
> ----
>
> crontab
> ----
> pfctl -t kids -T add kids.ip.to.block
> pfctl -t kids -T del kids.ip.to.allow
> ----
>
> You can also keep the IPs in a flat file and just tell pf to re-read
> the file (or read a different file) to update the table.

Ah, neat trick.  This is exactly why tables are so cool :)
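
Added example, not part of the thread: one way to apply the flat-file suggestion above from a single cron job, so the ruleset itself never changes. The table name kids is from the thread; the file path, the 16:00-20:00 window and the PFCTL override are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. The table name <kids> comes from the
# thread; the file path, the 16:00-20:00 window and PFCTL are assumptions.
# pf.conf then needs only these two static lines:
#   table <kids> persist
#   block quick from <kids> to any

PFCTL=${PFCTL:-pfctl}
KIDS_ALL=${KIDS_ALL:-/etc/pf.kids}   # one address per line, '#' comments allowed
ALLOW_FROM=1600                      # HHMM, window must not cross midnight
ALLOW_UNTIL=2000

# kids_blocked HHMM: print "yes" if the addresses belong in <kids> at HHMM.
kids_blocked() {
    # Drop leading zeros so 0830 is never parsed as octal.
    now=${1#0}; now=${now#0}; now=${now#0}
    if [ "$now" -ge "$ALLOW_FROM" ] && [ "$now" -lt "$ALLOW_UNTIL" ]; then
        echo no
    else
        echo yes
    fi
}

# sync_table HHMM: make <kids> match the schedule. It sets the whole table
# rather than adding or deleting, so running it repeatedly is harmless and
# a reboot or a missed cron job corrects itself on the next run.
sync_table() {
    if [ "$(kids_blocked "$1")" = no ]; then
        $PFCTL -t kids -T flush
        return
    fi
    $PFCTL -t kids -T replace -f "$KIDS_ALL"
    # Packets that match an existing state skip the ruleset, so kill the
    # states each listed host opened while it was allowed.
    while read -r ip; do
        case $ip in ''|'#'*) continue ;; esac
        $PFCTL -k "$ip"
    done < "$KIDS_ALL"
}

# crontab: */5 * * * * /usr/local/sbin/kids-net.sh apply   (path assumed)
if [ "${1:-}" = apply ]; then
    sync_table "$(date +%H%M)"
fi
```

Setting PFCTL=echo prints the pfctl arguments instead of running them, which is a quick way to check the schedule before putting the job in cron.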