[Klug-general] block/whitelist sites, at certain times

James Morris jwm.art.net at gmail.com
Tue Nov 5 01:46:15 UTC 2013 

Hello again...

Here's what I've come up with. It uses tinyproxy, dansguardian, and
iptables to do the dirty work. Any comments appreciated. It can sometimes
take a long time for https connections to be disallowed. I've briefly
looked into using tcpkill and cutter to kill the connections but not got
far...

Thanks, James.


My instructions:


how to block your internet distraction for all but ten minutes in every
hour in linux.

Follow instructions "Setup DansGuardian" at:
(ignoring "Setup Firefox" instructions)

http://tinyapps.org/docs/ubuntu_whitelist_blacklist_websites.html

(obvious note: users of distros not based on Debian/Ubuntu will need to
adjust the above instructions accordingly.)

Copy the code below (begining #!/bin/bash and ending #EOF) into a text
editor and saves as "iptables_block_rule" (minus quotes of course).

#!/bin/bash

# the rule, redirects tcp traffic to dansguardian:
RULE="OUTPUT -p tcp -m owner ! --uid-owner proxy -m multiport --dports
http,https -j REDIRECT --to-port 8080"

# check for existing (duplicate) rules and delete them:
# the check:
iptables -t nat -C $RULE 2> /dev/null
while [ $? -eq 0 ]; do
    # the deletion:
    iptables -t nat -D $RULE
    # check for duplicates:
    iptables -t nat -C $RULE 2> /dev/null
done


# only add rule if any arguments were passed to script:
if [[ $# -gt 0 ]]; then
    iptables -t nat -A $RULE
fi


# list rules:
# iptables -t nat -L

#EOF

Limit the file permissions on the file you saved:
chmod -v 0754 iptables_block_rule

Change ownership to root:
sudo chown -v root:root iptables_block_rule

Move file to root's home directory:
sudo mv -v iptables_block_rule /root/

Ok everything is now in place to setup the cron job which will run the
script to turn the internet on at eleven minutes to the hour before turning
it off again at 1 minute to the hour.

To do that:
sudo crontab -e

and add the following lines at the end of the file:
49 * * * * /root/iptables_block_rule
59 * * * * /root/iptables_block_rule deny


PS this was supposed to take five minutes and then I'd be able to get on
with my programming without distraction - THIS has been tonights
distraction!



On 4 November 2013 18:55, James Morris <jwm.art.net at gmail.com> wrote:

> uh sorry looks like google is a good place to start.
>
> James
>
> On Nov 4, 2013 6:29 PM, "James Morris" <jwm.art.net at gmail.com> wrote:
> >
> > hi I came across the leech block plugin for Firefox the other day but it
> isn't quite what I want.
> >
> > was wondering if you guys had any suggestions for blocking all websites
> except for a few white listed for  50 minutes in every hour (for example).
> >
> > am not really sure where to start, any suggestions for where to look
> appreciated, thanks.
> >
> > James
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.lug.org.uk/pipermail/kent/attachments/20131105/29b1c41e/attachment.html>

More information about the Kent mailing list