[K12OSN] OT: Limit Network Access by time
Jim Kronebusch
jim at winonacotter.org
Fri Feb 27 09:08:01 UTC 2004
Wouldn’t the following two commands
0 23 * * * /sbin/ipchains -I ethout 1 -i eth1 -j DENY
0 23 * * * /sbin/ipchains -I ethin 1 -i eth1 -j DENY
Completely disable the interface on all ports? I assumed if I ran this
on the local (Green Network for IPCop) it would disable routing
completely. I am not looking for a port specific block, just an entire
shutdown. Otherwise they will still be up all night on file sharing
networks downloading stolen music and porn while instant messaging each
other about what so and so said at school today. I want the network
dead during off hours.
-----Original Message-----
From: k12osn-admin at redhat.com [mailto:k12osn-admin at redhat.com] On Behalf
Of Christopher K. Johnson
Sent: Friday, February 27, 2004 6:47 AM
To: k12osn at redhat.com
Subject: Re: [K12OSN] OT: Limit Network Access by time
aust_txv at ACCESS-K12.org wrote:
> Jim I use the cron tab interface in webmin to make my cron tab jobs.
> That's a neat idea overall - Closing internet in/out traffic would be
> a nice tool. We get a peer-to-peer issue now and then.
>
> Has anyone had a student connect to their PC at home via VNC ? Should
> I be concerned ? Ideas on how to squash it ?
>
> Thanks,
> Tom Ventresco
You can complicate such access but you cannot block it. Any unproxied
service or even ssl-based proxied service can be used to tunnel such
access. For instance if you permit access to https then the student
just has to make their home vnc listen on port 443, or their sshd and
tunnel their vnc connection to do it securely even.
So you can block ports in 5900-59xx and port 22 if you want to, but
chances are they will find an alternative, and you will merely have
complicated your own vnc and ssh access to outside systems.
--
-----------------------------------------------------------
"Spend less! Do more! Go Open Source..." -- Dirigo.net
Chris Johnson, RHCE #807000448202021
_______________________________________________
K12OSN mailing list
K12OSN at redhat.com https://www.redhat.com/mailman/listinfo/k12osn
For more info see <http://www.k12os.org>
---
Incoming mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.595 / Virus Database: 378 - Release Date: 2/25/2004
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.595 / Virus Database: 378 - Release Date: 2/25/2004
More information about the K12OSN
mailing list