<p dir="ltr">I found it easier to have a script per brat, er, um, child, that I could run that flat killed their internet access. I used statically assigned DHCP and had a table per child that normally did nothing. Running the block script added a DROP to that table.</p>
<p dir="ltr">At one point I could ruin their life with a special email to a special address. It sucks having a parent whose job is sysadmin. </p>
<p dir="ltr">:-)</p>
<div class="gmail_extra"><br><div class="gmail_quote">On Aug 26, 2016 9:58 AM, "Chris Fowler" <<a href="mailto:cfowler@outpostsentinel.com">cfowler@outpostsentinel.com</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div style="font-family:arial,helvetica,sans-serif;font-size:12pt;color:#000000"><div><br></div><div><br></div><hr><div><blockquote style="border-left:2px solid #1010ff;margin-left:5px;padding-left:5px;color:#000;font-weight:normal;font-style:normal;text-decoration:none;font-family:Helvetica,Arial,sans-serif;font-size:12pt"><b>From: </b>"Lightner, Jeffrey" <<a href="mailto:JLightner@dsservices.com" target="_blank">JLightner@dsservices.com</a>><br><b>To: </b>"Atlanta Linux Enthusiasts" <<a href="mailto:ale@ale.org" target="_blank">ale@ale.org</a>><br><b>Sent: </b>Friday, August 26, 2016 8:58:02 AM<br><b>Subject: </b>Re: [ale] Easy way to add and delete iptables rules<br></blockquote></div><div><blockquote style="border-left:2px solid #1010ff;margin-left:5px;padding-left:5px;color:#000;font-weight:normal;font-style:normal;text-decoration:none;font-family:Helvetica,Arial,sans-serif;font-size:12pt">Also the iptables-restore suggests you're editing your iptables file then using the restore to update memory.</blockquote><div>I only do this at boot.</div><div>fail2ban and miniupnpd have active rules when the firewall is running. </div><blockquote style="border-left:2px solid #1010ff;margin-left:5px;padding-left:5px;color:#000;font-weight:normal;font-style:normal;text-decoration:none;font-family:Helvetica,Arial,sans-serif;font-size:12pt"><br><br>Instead you can use "iptables -I" to insert rules in your iptables in memory then use iptables-save to save to the file so you get the new rules on next restore.</blockquote><div><br></div><div>This would be a problem because that would restore nat rules at boot created by UPnP that are no longer valid. 
Maybe miniupnpd would see it and delete it. Not sure.</div><blockquote style="border-left:2px solid #1010ff;margin-left:5px;padding-left:5px;color:#000;font-weight:normal;font-style:normal;text-decoration:none;font-family:Helvetica,Arial,sans-serif;font-size:12pt"><br>You can use "iptables -nL --line-numbers" to see existing rules and the lines they're on then specify the line number you wish to insert into with the -I flag.</blockquote><div><br></div><div>Yes, that I can do. List them, grok them, build a command, and execute it.</div><div><br></div><div>My hope was that I can simply create a table for each kid and just add and delete with ease. If I need to list line numbers, parse it out, and do it that way I can do that too. I hesitate because I'm not sure that way is the "best practice".</div><div><br></div><div><br></div><br></div></div></div><br>
<br></blockquote></div></div>
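<p dir="ltr">The per-child approach described in this thread, sketched as an added example that is not code from either poster: each child gets an empty chain hooked into FORWARD, and blocking flushes that chain and appends a single DROP, so no rule line numbers need to be listed or parsed. The child names, addresses, <code>KID_</code> chain prefix and <code>IPT</code> override are assumptions made for illustration.</p>

```shell
#!/bin/sh
# Added example: per-child iptables chains (names and addresses are constructed).
# IPT can be overridden, e.g. IPT="echo iptables" prints commands instead of running them.
IPT="${IPT:-iptables}"

# Map a child's name to the address handed out by the static DHCP assignment.
# Only names listed here are accepted, so no caller-supplied text reaches iptables.
child_ip() {
    case "$1" in
        alice) echo 192.168.1.101 ;;
        bob)   echo 192.168.1.102 ;;
        *)     echo "unknown child: $1" >&2; return 1 ;;
    esac
}

# Run once at boot, after iptables-restore: create the empty chain and
# send the child's forwarded traffic through it. An empty chain falls
# through to the rest of FORWARD, so it normally does nothing.
setup_child() {
    ip=$(child_ip "$1") || return 1
    $IPT -N "KID_$1" && $IPT -I FORWARD 1 -s "$ip" -j "KID_$1"
}

# Flush first so repeated calls never stack duplicate DROP rules
# and no rule line numbers have to be listed or parsed.
block_child() {
    child_ip "$1" >/dev/null || return 1
    $IPT -F "KID_$1" && $IPT -A "KID_$1" -j DROP
}

# Emptying the chain restores normal access.
unblock_child() {
    child_ip "$1" >/dev/null || return 1
    $IPT -F "KID_$1"
}

# Command-line use: ./kidfw.sh block alice
if [ $# -eq 2 ]; then
    case "$1" in
        setup)   setup_child "$2" ;;
        block)   block_child "$2" ;;
        unblock) unblock_child "$2" ;;
        *)       echo "usage: $0 setup|block|unblock NAME" >&2; exit 2 ;;
    esac
fi
```

<p dir="ltr">The chains live only in the running ruleset, so a block that is active when iptables-save runs would be written to the saved file along with everything else.</p>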