From owner-freebsd-questions@FreeBSD.ORG  Wed May  3 03:41:59 2006
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
X-Original-To: freebsd-questions@freebsd.org
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 7B6D316A402
	for <freebsd-questions@freebsd.org>;
	Wed,  3 May 2006 03:41:59 +0000 (UTC)
	(envelope-from atom.powers@gmail.com)
Received: from wr-out-0506.google.com (wr-out-0506.google.com [64.233.184.225])
	by mx1.FreeBSD.org (Postfix) with ESMTP id C601843D46
	for <freebsd-questions@freebsd.org>;
	Wed,  3 May 2006 03:41:58 +0000 (GMT)
	(envelope-from atom.powers@gmail.com)
Received: by wr-out-0506.google.com with SMTP id i32so61774wra
	for <freebsd-questions@freebsd.org>;
	Tue, 02 May 2006 20:41:58 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com;
	h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references;
	b=eeaCb/KGvNUVdN20KtkhY0SMTToVmWC0BC0apWUDMyDI6pThqIeK1pJODSDp3YiwJE1hbYK+lE5FvDKSmzSNJoFfAlm+oVz0xvOyvm0LFT44FtAhShj5iFfjL74woxxUNsfsFojTT5FdVi+wxC1tBSIsewt1MxAHG/+5UkhQ+50=
Received: by 10.65.150.15 with SMTP id c15mr874252qbo;
	Tue, 02 May 2006 20:41:58 -0700 (PDT)
Received: by 10.65.150.9 with HTTP; Tue, 2 May 2006 20:41:58 -0700 (PDT)
Message-ID: <df9ac37c0605022041u2fa68b83t4ad6e4291f65a3cf@mail.gmail.com>
Date: Tue, 2 May 2006 20:41:58 -0700
From: "Atom Powers" <atom.powers@gmail.com>
To: "Bryan Curl" <bc3910@gmail.com>
In-Reply-To: <51257d370605021635x126d6560ueffdba9285d763da@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
References: <51257d370605021635x126d6560ueffdba9285d763da@mail.gmail.com>
Cc: freebsd-questions <freebsd-questions@freebsd.org>
Subject: Re: ipfirewall tricks
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 03 May 2006 03:41:59 -0000

On 5/2/06, Bryan Curl <bc3910@gmail.com> wrote:
> I want to limit time my kids spend on the internet.
> The way I am doing it is to make varying, seperate ipf.rules files and
> install them from cron at the appropriate time.
> Problem is, if I make a change to one file, I generally have to update al=
l
> the others accordingly.
>
> Is there a better way? I have read man ipf but didnt come out with any
> ideas.

I would use pf and have something like this:

pf.conf
----
block out all from <kids> to any
----

crontab
----
pfctl -t kids -T add kids.ip.to.block
pfctl -t kids -T del kids.ip.to.allow
----

You can also keep the IPs in a flat file and just tell pf to re-read
the file (or read a different file) to update the table.

I love pf.

--
--
Perfection is just a word I use occasionally with mustard.
--Atom Powers--