Differences
This shows you the differences between two versions of the page.
linux_router:nftables_control [2020-06-06 Sat wk23 15:51] – [NFTables IP Control] baumkp | linux_router:nftables_control [2023-04-30 Sun wk17 17:43] (current) – external edit 127.0.0.1 | ||
---|---|---|---|
Line 1: | Line 1: | ||
+ | {{tag> | ||
+ | | ||
+ | I primarily set this feature up to act as a form of parental control on my home internet access. | ||
- | =====NFTables | + | ====Disable Range of IP addresses, with count-down timer==== |
- | I primarily set this feature up to act as a form of parental control on my home internet access. | + | The DHCP assigned addresses in the range 100 - 254 were to be disabled (dropped) in the evening. The addresses below 100 were assigned a specific IP address in the DHCP based upon MAC. |
I added a [[https:// | I added a [[https:// | ||
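Review bot: The sentence added under the new "Disable Range of IP addresses, with count-down timer" heading gives the ranges only as host numbers ("100 - 254", "below 100") and never names the network, so a reader cannot map them to a rule without reading the ruleset further down. State the full range with its prefix, and say explicitly that the drop keys on source address and therefore assumes every client takes its address from DHCP. The past tense ("were to be disabled", "were assigned") also reads as history rather than as the current setup. Separately, the heading marker goes from "=====" to "====" and the introductory sentence now sits above any heading, so the page opens without a title.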
Line 198: | Line 201: | ||
chain postrouting { | chain postrouting { | ||
type nat hook postrouting priority 0; policy accept; | type nat hook postrouting priority 0; policy accept; | ||
+ | |||
+ | # Allow internal clients to correctly see external address " | ||
ip saddr 192.168.1.0/ | ip saddr 192.168.1.0/ | ||
ip saddr 192.168.1.0/ | ip saddr 192.168.1.0/ | ||
+ | |||
| | ||
| | ||
# | # | ||
- | # Allow internal clients to correctly see external address " | + | |
- | # ip saddr 192.168.1.0/ | + | |
- | # ip saddr 192.168.1.0/ | + | |
- | + | ||
# For Static IP address use SNAT instead of masquerade | # For Static IP address use SNAT instead of masquerade | ||
# ip saddr 192.168.1.0/ | # ip saddr 192.168.1.0/ | ||
- | # | + | # oifname $modem snat 192.168.2.2 |
# oifname $modem masquerade | # oifname $modem masquerade | ||
# where the snat address is the external router fix IP address. | # where the snat address is the external router fix IP address. | ||
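Review bot: The commented SNAT alternative now hard-codes "snat 192.168.2.2", while the comment two lines below still describes it only as "the external router fix IP address" ("fix" should be "fixed"). Mark 192.168.2.2 as this setup's own address that a reader must replace. Since the "oifname $modem snat" and "oifname $modem masquerade" lines are both commented out, also say which one is the alternative to uncomment and which active rule it replaces. Moving the "Allow internal clients ..." comment directly above the two active "ip saddr 192.168.1.0/" rules and deleting the commented duplicates is the clearer layout.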
Line 272: | Line 275: | ||
'' | '' | ||
- | Some other tools: | + | ++++ example: '' |
+ | < | ||
+ | # Edit this file to introduce tasks to be run by cron. | ||
+ | # | ||
+ | # Each task to run has to be defined through a single line | ||
+ | # indicating with different fields when the task will be run | ||
+ | # and what command to run for the task | ||
+ | # | ||
+ | # To define the time you can provide concrete values for | ||
+ | # minute (m), hour (h), day of month (dom), month (mon), | ||
+ | # and day of week (dow) or use ' | ||
+ | # | ||
+ | # Notice that tasks will be started based on the cron's system | ||
+ | # daemon' | ||
+ | # | ||
+ | # Output of the crontab jobs (including errors) is sent through | ||
+ | # email to the user the crontab file belongs to (unless redirected). | ||
+ | # | ||
+ | # For example, you can run a backup of all your user accounts | ||
+ | # at 5 a.m every week with: | ||
+ | # 0 5 * * 1 tar -zcf / | ||
+ | # | ||
+ | # For more information see the manual pages of crontab(5) and cron(8) | ||
+ | # | ||
+ | # m h dom mon dow | ||
+ | # Example of job definition: | ||
+ | # .---------------- minute (0 - 59) | ||
+ | # | .------------- hour (0 - 23) | ||
+ | # | | .---------- day of month (1 - 31) | ||
+ | # | | | .------- month (1 - 12) OR jan, | ||
+ | # | | | | .---- day of week (0 - 6) (Sunday=0 or 7) OR sun, | ||
+ | # | | | | | | ||
+ | # * * * * * | ||
+ | # 45 23 * * * / | ||
+ | # 30 23 * * 5-6 / | ||
+ | # 30 22 * * 0-4 / | ||
+ | </ | ||
+ | |||
+ | The crontab files are stored at ''/ | ||
+ | |||
+ | ====Limit Rate on IP Address Range==== | ||
+ | The rate limit command needs to be placed before the other commands that could accept packets before reaching the rate limit command, e.g. '' | ||
+ | *'' | ||
+ | The existing rules with handles displayed can be displayed with: | ||
+ | *'' | ||
+ | The above command will accept packets according to filter that do not exceed 1200kbytes/ | ||
+ | Another form of syntax would be to drop packets that exceed the limit, this allows the amount of drop packets to be seen with the counter enabled: | ||
+ | *'' | ||
+ | |||
+ | My internet bandwidth is currently limited to about 25Mbit/s, dividing by 8 give approximate MByte/s, i.e. about 3MB/s or 3000mbytes/ | ||
+ | ====Some other tools==== | ||
*'' | *'' | ||
*'' | *'' |
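Review bot: In the bandwidth paragraph of the new "Limit Rate on IP Address Range" section the unit is wrong: 25Mbit/s divided by 8 is about 3MB/s, which is 3000kbytes/, not "3000mbytes/" as written. The explanation earlier in the section uses "1200kbytes/", so give the figure in the same unit; a limit copied with the mbytes unit would sit far above the link speed and never take effect. In the crontab example, all three job lines ("# 45 23 * * *", "# 30 23 * * 5-6", "# 30 22 * * 0-4") start with "#", so as shown nothing is scheduled. Either say they are disabled samples or show the active entries, and drop the stock crontab header comments, which add some twenty lines without documenting this setup. "drop packets to be seen" should read "dropped packets", and "====Some other tools====" needs a blank line before it.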