#!/bin/sh
# Blocks internet at night using iptables and enables it only upon request
# TODO Migrate to nftables
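# Auto-elevate: re-run the script through sudo unless it already runs as root.
# $EUID is a bash-only variable. Under a POSIX /bin/sh such as dash it is
# unset, so the numeric test can never succeed and the script would keep
# re-executing itself through sudo. `id -u` works in every POSIX shell.
test "$(id -u)" -eq 0 || exec sudo "$0" "$@"

# Abort on the first failing command instead of continuing with a partially
# built rule set.
set -e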
# Custom-chain approach taken from https://askubuntu.com/a/124512 and
# https://blog.sleeplessbeastie.eu/2018/06/21/how-to-create-iptables-firewall-using-custom-chains/
# Start from an empty chain-times chain: create it, or flush it when the
# creation fails (normally because the chain already exists).
if ! iptables -N chain-times 2>/dev/null; then
  iptables -F chain-times
fi

# Always allow local connections - https://serverfault.com/a/550278
# These ACCEPT rules are added before the DROP rule, so LAN and loopback
# destinations stay reachable for the user while the time block is active.
for local_net in 192.168.1.0/24 127.0.0.0/8; do
  iptables -A chain-times -m owner --uid-owner janek -d "$local_net" -j ACCEPT
done
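# UTC hour (0-23, unpadded) corresponding to 09:00 local time today. Going
# through the epoch (+%s / @N) keeps the conversion independent of the
# locale-specific default output format of `date`.
time9=$(date -u -d "@$(date -d 09:00 +%s)" +%-H)

# Start of the block window. $1 is any expression GNU `date -d` understands
# (default: 15 minutes from now). It is converted to UTC because the
# iptables time match compares against UTC unless told otherwise. With
# `set -e` an unparsable $1 aborts here, before any DROP rule is added.
timestart=$(date -u -d "@$(date -d "${1:-15 min}" +%s)" +%H:%M)

# End of the window: two hours before 09:00 local time. The hour is wrapped
# modulo 24, because a plain `time9 - 2` becomes negative (an invalid
# --timestop) in time zones where 09:00 local is 00:00 or 01:00 UTC.
timestop="$(( (time9 + 22) % 24 )):00"

# Drop all remaining traffic of the user inside the window.
# NOTE: iptables only filters IPv4. If the host has IPv6 connectivity, that
# traffic is not affected by this rule and needs an ip6tables equivalent.
iptables -A chain-times -m owner --uid-owner janek -j DROP -m time \
  --timestart "$timestart" --timestop "$timestop"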
# TODO Only 10 minutes every hour, anything else needs justification
# Only allow periodical internet access in the morning
#iptables -A chain-times -m owner --uid-owner janek -j DROP -m time --weekdays 1-5 \
# --timestart $time9:20 --timestop $(expr $time9 + 1):00
#iptables -A chain-times -m owner --uid-owner janek -j DROP -m time --weekdays 1-5 \
# --timestart $(expr $time9 + 1):20 --timestop $(expr $time9 + 2):00
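# Hook chain-times into OUTPUT exactly once. `iptables -C` asks whether this
# exact rule exists, instead of grepping `iptables -L` output: that listing
# does reverse DNS lookups without -n, and the "^chain-times" pattern also
# matches any other target whose name merely starts with that prefix.
# The jump is appended, so rules that sit earlier in OUTPUT and reach a
# verdict (e.g. a broad ACCEPT) are evaluated before chain-times is.
iptables -C OUTPUT -j chain-times 2>/dev/null || iptables -A OUTPUT -j chain-times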
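# Optional persistence. --save is only recognised as the second argument,
# so a time expression has to be passed as $1 when it is used.
if test "$2" = "--save"; then
  # Resolve the restore binary first and stop if it is missing. With
  # `which` inside the echo, a failed lookup went unnoticed and left a
  # cron entry with an empty command.
  restore_bin=$(command -v iptables-restore) || {
    echo "iptables-restore not found in PATH" >&2
    exit 1
  }

  # iptables-save dumps the complete current rule set, not only chain-times.
  # The DROP rule is stored with the --timestart/--timestop values computed
  # in this run, and those same values are what comes back after a reboot.
  iptables-save | tee /etc/iptables/walli.rules

  # The cron entry restores the rules as root at boot. Both files are created
  # by root with the current umask and should stay writable by root only,
  # since their content is applied with root privileges.
  echo "@reboot root $restore_bin < /etc/iptables/walli.rules" | tee /etc/cron.d/iptables-times
fi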