[K12OSN] OT: Limit Network Access by time
Steve Wright
paua at quicksilver.net.nz
Fri Feb 27 16:51:09 UTC 2004
the trick is not to top post.. ;-) Quoting correctly preserves the
flow of the conversation. /steve
On Sat, 2004-02-28 at 04:06, Jim Kronebusch wrote:
> I get confused who is responding to who on this list sometimes :-)
>
> -----Original Message-----
> From: k12osn-admin at redhat.com [mailto:k12osn-admin at redhat.com] On Behalf
> Of Christopher K. Johnson
> Sent: Friday, February 27, 2004 8:40 AM
> To: k12osn at redhat.com
> Subject: Re: [K12OSN] OT: Limit Network Access by time
>
>
> Jim Kronebusch wrote:
>
> >Wouldnât the following two commands
> >0 23 * * * /sbin/ipchains -I ethout 1 -i eth1 -j DENY
> >0 23 * * * /sbin/ipchains -I ethin 1 -i eth1 -j DENY Completely disable
>
> >the interface on all ports? I assumed if I ran this on the local
> >(Green Network for IPCop) it would disable routing completely. I am
> >not looking for a port specific block, just an entire shutdown.
> >Otherwise they will still be up all night on file sharing networks
> >downloading stolen music and porn while instant messaging each other
> >about what so and so said at school today. I want the network dead
> >during off hours.
> >
> >-----Original Message-----
> >From: k12osn-admin at redhat.com [mailto:k12osn-admin at redhat.com] On
> >Behalf Of Christopher K. Johnson
> >Sent: Friday, February 27, 2004 6:47 AM
> >To: k12osn at redhat.com
> >Subject: Re: [K12OSN] OT: Limit Network Access by time
> >
> >
> >aust_txv at ACCESS-K12.org wrote:
> >
> >
> >
> >>Jim I use the cron tab interface in webmin to make my cron tab jobs.
> >>That's a neat idea overall - Closing internet in/out traffic would be
> >>a nice tool. We get a peer-to-peer issue now and then.
> >>
> >>Has anyone had a student connect to their PC at home via VNC ? Should
>
> >>I be concerned ? Ideas on how to squash it ?
> >>
> >>Thanks,
> >>Tom Ventresco
> >>
> >>
> >
> >You can complicate such access but you cannot block it. Any unproxied
> >service or even ssl-based proxied service can be used to tunnel such
> >access. For instance if you permit access to https then the student
> >just has to make their home vnc listen on port 443, or their sshd and
> >tunnel their vnc connection to do it securely even.
> >
> >So you can block ports in 5900-59xx and port 22 if you want to, but
> >chances are they will find an alternative, and you will merely have
> >complicated your own vnc and ssh access to outside systems.
> >
> >
> >
> My "You can complicate..." response was in reply to the "Has anyone had
> a student connect to their PC at home via VNC?...how to squash it"
> inquiry. If all traffic is disabled, that would of course disable access
> to vnc
> and all alternative services on outside hosts.
More information about the K12OSN
mailing list