DaemonForums  

Go Back   DaemonForums > OpenBSD > OpenBSD General

OpenBSD General Other questions regarding OpenBSD which do not fit in any of the categories below.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 25th June 2014
EverydayDiesel EverydayDiesel is offline
Shell Scout
 
Join Date: Jan 2009
Posts: 108
Thanked 0 Times in 0 Posts
Default Enabling A Connection Between Certian Hours

Is there a way to bring up/down interfaces for different hours of the day?

I am looking to make eth1 up between the hours of 8am and 11pm.

Can someone please help me in doing this.

Thanks in advance!
Reply With Quote
  #2   (View Single Post)  
Old 25th June 2014
ocicat ocicat is offline
Administrator
 
Join Date: Apr 2008
Posts: 2,935
Thanked 190 Times in 160 Posts
Default

Quote:
Originally Posted by EverydayDiesel View Post
Is there a way to bring up/down interfaces for different hours of the day?
Sure.
  • Look at the ifconfig(8) manpage to figure out how to construct the command to take an interface up & down.
  • Look at the cron(8) & crontab(1) manpages to set up when to bring up the interface (8:00am), & when to bring it down (11:00pm).
Quote:
I am looking to make eth1...
Ewww, Linuxisms. Yuck.

Although the following article was written to address FreeBSD, cron is pretty standard across most Unix derivatives, & hey, it is written by Dru Lavigne, & anything from Dru Lavigne is noteworthy.

http://www.onlamp.com/pub/a/bsd/2000...cs.html?page=1

And when it comes to OpenBSD, always correlate information back to what can be found in the manpages.


Last edited by ocicat; 25th June 2014 at 09:46 PM.
Reply With Quote
  #3   (View Single Post)  
Old 25th June 2014
EverydayDiesel EverydayDiesel is offline
Shell Scout
 
Join Date: Jan 2009
Posts: 108
Thanked 0 Times in 0 Posts
Default

i am comfortable with ifconfig eth1 up and ifconfig eth1 down but the cron i have never done before so i will read up on it now

is there any security risk in having cron tab running in the background? or is it always running anyways?

Last edited by EverydayDiesel; 25th June 2014 at 10:11 PM.
Reply With Quote
  #4   (View Single Post)  
Old 25th June 2014
ibara's Avatar
ibara ibara is offline
Package Pilot
 
Join Date: Jan 2014
Posts: 172
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by EverydayDiesel View Post
i am comfortable with ifconfig eth1 up and ifconfig eth1 down but the cron i have never done before so i will read up on it now
Please don't use eth*. I know you're trying to genericize this, but the BSDs don't use that vocabulary. Instead, they use the name of the interface. It's an important habit to get into early. You may inadvertently confuse new readers (or yourself) reviewing this information in the future.

Quote:
Originally Posted by EverydayDiesel View Post
is there any security risk in having cron tab running in the background? or is it always running anyways?
There is no risk unless you enter a command you aren't entirely certain you know what it does. But this is not exclusive to cron.
__________________
@bcallah on app.net
NYC*BUG
Reply With Quote
  #5   (View Single Post)  
Old 25th June 2014
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 3,891
Thanked 214 Times in 189 Posts
Default

The cron(8) daemon has been started by default in OpenBSD since its incept in 1996.

In her book, BSD Hacks (ISBN 0-596-00679-9), Dru Levigne included gave an example (from contributor Michael Vince) of solving this same problem using PF filter rule changes rather than ifconfig commands. It also uses crontab(1).
Reply With Quote
  #6   (View Single Post)  
Old 26th June 2014
ocicat ocicat is offline
Administrator
 
Join Date: Apr 2008
Posts: 2,935
Thanked 190 Times in 160 Posts
Default

Quote:
Originally Posted by EverydayDiesel View Post
ior is it always running anyways?
Looking at root's crontab:
Code:
$ sudo crontab -l -u root                                                                         <
#
SHELL=/bin/sh
PATH=/bin:/sbin:/usr/bin:/usr/sbin
HOME=/var/log
#
#minute hour    mday    month   wday    command
#
# sendmail clientmqueue runner
#*/30   *       *       *       *       /usr/sbin/sendmail -L sm-msp-queue -Ac -q
#
# rotate log files every hour, if necessary
0       *       *       *       *       /usr/bin/newsyslog
# send log file notifications, if necessary
#1-59   *       *       *       *       /usr/bin/newsyslog -m
#
# do daily/weekly/monthly maintenance
30      1       *       *       *       /bin/sh /etc/daily
30      3       *       *       6       /bin/sh /etc/weekly
30      5       1       *       *       /bin/sh /etc/monthly
#0      *       *       *       *       sleep $((RANDOM \% 1800)) && /usr/libexec/spamd-setup
$
Various maintenance tasks are in place by default; others are easily enabled.
Reply With Quote
  #7   (View Single Post)  
Old 29th June 2014
EverydayDiesel EverydayDiesel is offline
Shell Scout
 
Join Date: Jan 2009
Posts: 108
Thanked 0 Times in 0 Posts
Default

This is a great forum. Thanks for all the help.

One last question. How can in ensure that the interface is down when the system boots?
Reply With Quote
  #8   (View Single Post)  
Old 29th June 2014
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 3,891
Thanked 214 Times in 189 Posts
Default

The netstart(8) script is invoked by rc(8) at boot. If you do not want your interface operational at boot, either do not have a defined /etc/hostname.<if> for the interface, or, have one that merely includes the word "down" on a single line.
Reply With Quote
  #9   (View Single Post)  
Old 29th June 2014
EverydayDiesel EverydayDiesel is offline
Shell Scout
 
Join Date: Jan 2009
Posts: 108
Thanked 0 Times in 0 Posts
Default

if i dont have a defined /etc/hostname.<if> and i create one with crontab, will the OS know to start using that interface or will I have to restart a service for it to read the new hostname file?
Reply With Quote
Old 29th June 2014
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 3,891
Thanked 214 Times in 189 Posts
Default

Consider:
  • netstart(8) executed without any options will start all network interfaces defined in hostname.if(5) files.
  • netstart(8) is executed by rc(8) at boot time.
Adding or deleting a hostname configuration file will only have an impact:
  • at boot
  • if the admin -- you -- run netstart(8) yourself
The book I mentioned above? It used an example that changed PF configuration based on time of day, via cron(8). Why don't you consider this?



No gyrations with network interface configurations would be needed if you elected to control access using PF -- and if you think about it, that's what PF is for. In the book's example, the contributor controlled the time window for internet access for a single workstation .. but you could do the same for an entire subnet, just as easily.
Reply With Quote
Old 29th June 2014
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 3,891
Thanked 214 Times in 189 Posts
Default

Here's a PF configuration suggestion, as follow-up. Use PF's Anchor facility.
  • Set your standard, default configuration to block the subnet.
  • Add an anchor where transient pass rules would be applied.
  • Add cron jobs to add and remove the anchor rules
On boot, access would be blocked as you desire. You could manually execute the scripts to add or remove the achor rules outside the cron(8) schedule.


See http://www.openbsd.org/faq/pf/anchors.html
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Help Enabling Cisco VPN Client Traffic on PF EverydayDiesel OpenBSD Security 5 26th February 2013 06:07 PM
enabling linux binary emulation .. could it harm ? daemonfowl OpenBSD Security 7 30th July 2012 02:20 PM
US e-voting system cracked in less than 48 hours J65nko News 0 6th March 2012 01:52 AM
Working dial-up connection - No Client Connection vigol FreeBSD General 5 22nd November 2009 10:59 PM


All times are GMT. The time now is 02:30 PM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick