From: "Ing. Juan Cardoza" <ing.jcardoza@gmail.com>
To: 'Greg Folkert' <greg@donor.com>, 'Danny' <dannydebont@gmail.com>
Cc: netfilter@vger.kernel.org
Subject: RE: Quick IP Blocking question
Date: Fri, 14 Mar 2014 09:17:25 -0600
Message-ID: <003d01cf3f98$82ca0410$885e0c30$@gmail.com>
In-Reply-To: <1394808599.4771.39.camel@bigboy.gregfolkert.net>
You can use squid integrated with squidGuard, that is the best option to manage YouTube.
I redirect the requests to a warning webpage when they try to use it during HOO.
Regards
-----Original Message-----
From: netfilter-owner@vger.kernel.org [mailto:netfilter-owner@vger.kernel.org] On Behalf Of Greg Folkert
Sent: viernes 14 de marzo de 2014 08:50 a.m.
To: Danny
Cc: netfilter@vger.kernel.org
Subject: Re: Quick IP Blocking question
On Fri, 2014-03-14 at 15:58 +0200, Danny wrote:
> Hi,
>
> Can you please check if the following rule is correct. The purpose of
> this rule is to allow only access to youtube from 15:00 to 18:00
>
> iptables -A OUTPUT -p tcp --dport 80 -d 208.65.153.238 -m time --timestart 15:00 --timeend 18:00 -j ACCEPT
> iptables -A OUTPUT -p tcp --dport 80 -d 208.65.153.238 -j REJECT
>
> How can I modify the above rule to block a specific IP or MAC address
> from my internal network to access youtube at specific times?
>
> Thank you guys
>
> Have a nice day
>
> Danny
Danny,
I hate to break this to you... but YouTube is served by hundreds of IP Addresses. Depending on time of day, the round robin DNS, the cname rotation and various other things like locations and source network (your ISP). My current list shows a completely different set of IP Addresses that even is close to your IP Address here at home (173.194.46.32-46), at Work I get a different set (74.125.225.192-206).
If you are going to do that properly, you'll need to use either transparent proxy or force the browsers to use something like squid and then use name based ACLs with the time restrictions.
Good Luck.
--
greg folkert - systems administration and support
web: donor.com
email: greg@donor.com
phone: 877-751-3300 x416
direct: 616-328-6449 (direct dial and fax)
"There's something to be said in favor of working in isolation in the real world."
-- A. R. Ammons
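
Added example, not part of the original thread: a squid.conf fragment showing the name-based ACL with time restriction that the reply recommends, applied to one internal client by IP or MAC. The ACL names, client addresses, LAN range and the list of YouTube-related domains are assumptions chosen for illustration.

```conf
# Added example; ACL names, addresses and the domain list are assumptions.

# Match the destination by name instead of by IP, so DNS rotation
# across hundreds of addresses does not matter.
acl youtube dstdomain .youtube.com .googlevideo.com .ytimg.com

# Allowed window from the original question: every day, 15:00-18:00.
# Day letters: S=Sun M=Mon T=Tue W=Wed H=Thu F=Fri A=Sat
acl yt_hours time SMTWHFA 15:00-18:00

# The specific internal client to restrict (constructed values).
acl restricted_ip src 192.168.1.50/32
# MAC matching needs a squid build with ARP/EUI support and only
# works for clients on the same layer-2 segment as the proxy.
acl restricted_mac arp 00:11:22:33:44:55

# Internal network allowed to use the proxy (constructed value).
acl localnet src 192.168.1.0/24

# http_access rules are evaluated top to bottom; first match wins.
# ACLs on one line are ANDed: YouTube AND this client AND outside the window.
http_access deny youtube restricted_ip !yt_hours
http_access deny youtube restricted_mac !yt_hours

# Everything else from the LAN is permitted, all other sources denied.
http_access allow localnet
http_access deny all
```

The restriction only holds if clients cannot reach ports 80 and 443 directly, so the firewall should permit outbound web traffic from the proxy host only. For HTTPS, dstdomain matches the CONNECT hostname when browsers are explicitly configured to use the proxy; a transparently intercepted TLS connection exposes only the destination IP unless squid is set up to read the SNI.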