Ask HN: Have you used iptables to prevent procrastination?
8 points by b3eck on May 17, 2008 | 10 comments
After reading the comments on today's Disconnecting Distraction essay by PG (https://hackernews.hn/item?id=192654), I realized that I wanted to throttle my internet usage, not relegate it to a few times during the day. That way, I could still spend some time online, but the "Unable to connect" page would set off alarms. Is there anyone out there who uses iptables to prevent procrastination?

Not having used iptables before, but knowing that I wasn't blocking anything because I'm behind a router firewall, I read the man page and implemented some rules that throttled my hourly connections to 200:

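  # Let all non-TCP traffic out
  iptables -A OUTPUT ! -p tcp -j ACCEPT
  # Let TCP traffic to any port other than 80 out
  iptables -A OUTPUT -p tcp ! --dport 80 -j ACCEPT
  # Rate-limit packets to port 80 (limit match: 400/hour average, burst of 500)
  iptables -A OUTPUT -p tcp --dport 80 -m limit --limit 400/hour --limit-burst 500 -j ACCEPT
  # Reject whatever the rules above did not accept
  iptables -A OUTPUT -j REJECT
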
Surprisingly, after implementing these commands, I searched on Google and didn't find any mentions of iptables preventing procrastination. Surely I'm not the only one to have thought of this idea, but it didn't feel right to comment this late on the original article and not help anyone. It's helped me significantly so far, and even made submitting this question a bit tricky. So, hopefully these commands help someone else, and if you have better rules, feel free to share...


Or, if you need full access (including web) to the local subnet, but wish to restrict your internet access, just remove your default gateway. I do this regularly with good results.


Please correct me if I'm wrong, but here's a guess at a Mac OS X version of the commands:

  sudo ipfw add 1 pipe 1 src-port 80
  sudo ipfw pipe 1 config bw 500Byte/s


I actually thought about doing this quite a few times, but ran off procrastinating instead of reading the man page. Will try, thanks!


Glad you didn't procrastinate this time around...and glad I wasn't the only one to think of it :-)


just put the sites you waste most of your time on in your hosts file like this:

  127.0.0.1 reddit.com

problem solved, forever.


I also added this rule but then I started going to anonymouse.org for browsing


i hear comcast already provides a free service something like this


Yes, my router provides access restrictions by day, hour, website, and keyword, but I wanted a throttle for my own computer that wouldn't affect the rest of my family. If you're the only one using the connection, then controls at the router or at Comcast's routers make sense. Also mentioned on the other thread was Freedom ( http://www.ibiblio.org/fred/freedom/ ), a Mac-only application that disables access for a specific period of time or until you reboot. However, throttling sounded better to me, and other iptables modules (e.g. time and owner) can match packets for certain users and certain times of the day. I haven't thought it all out yet; I'm seeing what helps the most to improve my efficiency. (RescueTime, feel free to implement this feature :-)
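
Added example, not part of the thread: one way to combine the limit rule from the original post with the owner and time matches mentioned above, so the throttle applies to a single local user during set hours and counts connection-opening packets rather than every packet. The chain name WEBTHROTTLE, the function throttle_rules, its arguments and the account name are assumptions; the script only prints the commands and does not change the firewall.

```shell
#!/bin/sh
# Added example: print, but do not apply, iptables commands that throttle one
# local user's new port-80 connections during set hours.
# Assumed names: chain WEBTHROTTLE, function throttle_rules and its arguments.
# Assumes the OUTPUT policy is ACCEPT, as in the original post's setup.

throttle_rules() {
    user=$1 rate=$2 burst=$3 start=$4 stop=$5

    # --uid-owner takes a user name or numeric uid; refuse anything else.
    case $user in
        ''|*[!A-Za-z0-9._-]*) echo "bad user: $user" >&2; return 1 ;;
    esac
    # The limit match accepts N/second, N/minute, N/hour or N/day.
    case ${rate%%/*} in
        ''|*[!0-9]*) echo "bad rate: $rate" >&2; return 1 ;;
    esac
    case ${rate#*/} in
        second|minute|hour|day) ;;
        *) echo "bad rate unit: $rate" >&2; return 1 ;;
    esac
    case $burst in
        ''|*[!0-9]*) echo "bad burst: $burst" >&2; return 1 ;;
    esac
    # The time match reads hh:mm as UTC unless --kerneltz is added.
    for t in "$start" "$stop"; do
        case $t in
            [0-2][0-9]:[0-5][0-9]) ;;
            *) echo "bad time: $t" >&2; return 1 ;;
        esac
    done

    # Rule order matters: packets of connections that are already open return
    # to OUTPUT untouched, so only connection-opening packets hit the limit.
    cat <<EOF
iptables -N WEBTHROTTLE
iptables -A OUTPUT -p tcp --dport 80 -m owner --uid-owner $user -m time --timestart $start --timestop $stop --weekdays Mon,Tue,Wed,Thu,Fri -j WEBTHROTTLE
iptables -A WEBTHROTTLE -m conntrack ! --ctstate NEW -j RETURN
iptables -A WEBTHROTTLE -m limit --limit $rate --limit-burst $burst -j RETURN
iptables -A WEBTHROTTLE -j REJECT
EOF
}

# Constructed sample values; "alice" is a placeholder account name.
throttle_rules alice 400/hour 500 09:00 17:00
```

The owner match works only for locally generated traffic (OUTPUT and POSTROUTING), which is why the jump rule sits in OUTPUT.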


i was actually making a joke about how they silently kill some of your traffic for you.


Yes, fortunately they're still up at port 6881 and have a ways to go to get down to 80 :-)



