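#!/bin/ksh

# bedtime - toggle the pf 'bedtime' anchor to cut the LAN off from the
# internet at night, and manage the <bedtime_exempt> table.
#
# Usage:
#     bedtime enforce       load the blocking rules and kill live states
#     bedtime lift          put 'pass all' back into the anchor
#     bedtime update-table  reload <bedtime_exempt> from EXEMPT_FILE
#     bedtime ls            show the <leased_ips> table
#     bedtime               (no argument) print a status summary
#
# Note: To make this handier to run, I've soft-linked it to a
# path-reachable location:
#
#     ln -s /home/dave/bedtime /usr/local/bin/
#

# Exemptions list, loaded into <bedtime_exempt> by 'update-table'.
# It is read as root but lives in a user's home directory, so anyone
# who can write this file can exempt hosts from bedtime.
readonly EXEMPT_FILE='/home/dave/no_bedtime.txt'

# Network whose pf states are killed by 'enforce' (see pfctl -k).
readonly LAN_NET='10.0.0.0/24'

# Check for root
# ==============================================================
effective_uid=$(id -u)
if [[ "$effective_uid" -ne 0 ]]
then
	echo "Must be run as root! (Use doas.)" >&2
	exit 1
fi

# Dispatch on the mode argument; every mode exits from its own arm,
# so reaching the code after 'esac' means "no mode given".
# ==============================================================
case "${1:-}" in

# 'enforce' mode - Invoke bedtime to kill connections
enforce)
	echo "Goodnight clocks and goodnight socks."
	# replace rules at anchor to block traffic; bail out if pf rejects
	# the ruleset so we don't kill states while the old rules still stand
	pfctl -a bedtime -f - << EOF || exit 1
pass proto tcp from <bedtime_exempt>
EOF

	# We have to kill the state for established connections or
	# streaming services, etc. won't stop.
	#
	# Flush the state table entirely (too extreme!)
	#
	#     pfctl -F state
	#
	# Kill states by network (better, but will still kill
	# connections that were in the bedtime_exempt list)
	pfctl -k "$LAN_NET"

	# TODO: figure out match ... label for packets NOT
	#       in self or <bedtime_exempt> and then kill by
	#       label as well - see man pfctl (the "-k label" option).

	exit
	;;

# 'lift' mode - Allow traffic
lift)
	echo "Arise! Awaken!"

	# write the standard rule
	# (pass from all dhcpd leased addresses)
	#pass proto tcp from <leased_ips>
	pfctl -a bedtime -f - << EOF
pass all
EOF
	exit
	;;

# 'update-table' - Re-load exemptions table from EXEMPT_FILE
update-table)
	if [[ ! -r "$EXEMPT_FILE" ]]
	then
		printf 'Cannot read %s\n' "$EXEMPT_FILE" >&2
		exit 1
	fi
	printf "Updating 'bedtime_exempt' from %s...\n" "$EXEMPT_FILE"
	pfctl -t bedtime_exempt -T replace -f "$EXEMPT_FILE"
	exit
	;;

# 'ls' - Display list of <leased_ips>
ls)
	echo "Contents of <leased_ips> table:"
	pfctl -t leased_ips -T show
	exit
	;;
esac

# If none of the above, show useful info about 'bedtime'
# ==============================================================
# wc -l pads its output on BSD; arithmetic strips the padding.
leased=$(pfctl -t leased_ips -T show | wc -l)
leased=$((leased))
echo
echo "-----------------------------------------------------"
printf 'Number of <leased_ips> entries: %s\n' "$leased"
echo "Use 'bedtime ls' to list leased IPs."
echo "See also 'less /var/db/dhcpd.leases'"

echo
echo "<bedtime_exempt> table"
echo "To update:"
printf '  * edit: %s\n' "$EXEMPT_FILE"
echo "  * run:  bedtime update-table"
echo "-----------------------------------------------------"
pfctl -t bedtime_exempt -T show
echo "-----------------------------------------------------"

echo
echo "Current 'bedtime' anchor rules:"
echo "To change:"
echo "  * bedtime enforce    enact bedtime (no internet!)"
echo "  * bedtime lift       stop bedtime (internet back)"
echo "-----------------------------------------------------"
pfctl -a bedtime -sr
echo "-----------------------------------------------------"
echo
echo "Other commands:"
echo "  pfctl -sr               show pf rules"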