How to disable internet acess secretely?

12 replies [Last post]
Joined: 11/20/2007
Posts: 26

Hi, I have a problem with a certain teen who stays up all night playing WoW... I would like to know how I could secretly disable his internet acess at night so he can actually get some sleep! My modem/router (gateway) doesn't have this feature.


Joined: 03/22/2009
Posts: 1

Most anti-virus software has the ability to activate a full fire wall which stops all internet access.
He will probably figure it out eventualy but this should provide a temporary solution.

"Usually, the good Lord works in mysterious ways. But not today! This here is 66 tons of straight-up, H.E-spewing dee-vine intervention! If God is love, then you can call me 'Cupid'!"

-St. Johnson

nilzxx's picture
Joined: 02/12/2007
Posts: 160

If you are using a shared computer or have access to his computer, you could set up a user account for him that has limited times (In Win7 and Vista I believe). If this is not the case, and you cannot set such rules on your router, you are out of luck. Unless you want to unplug the router every night.

--complete specs-- Intel Quad Q6700 | Tt TMG i2 | 4GB Crucial Balistix Tracer PC6400 | 1TB Seagate Barracuda | 500GB Seagate Barracuda | XFX GeForce 9800GTX | Asus P5N-D | XION 600W PSU | DVD-RW 16x | DVD 16x | SABRENT TV Tuner | Saitek Cyborg Mouse 3200dpi | Cyba Snipa LED Mousepad | Logitech G15 Gaming keyboard | Aspire Blue X-Dreamer Case | VisionQuest 2ms 22" 19:10 LCD screen (1680x1050) | Logitech Z-5500 Surround Sound

icebreaker's picture
Joined: 04/08/2010
Posts: 14

Remove the modem/router and put it under your pillow ;)

GraysonPeddie's picture
Joined: 10/29/2006
Posts: 570

Build yourself a Linux box with Ubuntu Server and use iptables to setup a time-based rule. Make sure you get a second NIC so you can use that as your internal LAN or WAN, depending on which Ethernet number gets assigned. I assume 192.168.5.x to be your LAN address.

For starters, I will help you out with this.

First, download and burn Ubuntu Server to your blank CD or use a USB flash drive instead. You can save your money by just using a flash drive. No need for blank CDs anymore! :)

I use eth0 for WAN and eth1 for LAN. So, you might want to disconnect your cable from the router's WAN port and connect that to your Linux box so that DHCP can be configured automatically. Be sure you power-cycle your modem. :)

Once you've installed Ubuntu, type in:

sudo nano /etc/sysctl.conf

and set both net.ipv4.ip_forward and net.ipv6.conf.all.forwarding to 1 (note that IPv6 is optional, but it's highly recommended that you switch it in so that your Linux box and any other computers can be IPv6-ready.

Next, type in:

sudo nano /etc/dhcp3/dhclient-enter-hooks.d/nodnsupdate

Hit Enter and type in the following:

#!/bin/sh<br /> make_resolv_conf(){<br /> :<br /> }

This stops the DHCP Client from messing with the /etc/resolv.conf file.

Next, type in:

sudo nano apt-get install dhcp3-server bind9

Type in "y" and press Enter. This will install the needed programs for serving IPv4 addresses and provide a DNS server.

Next type in:

sudo nano /etc/resolv.conf

and type in:


This will point to the local DNS server. You can give it a try by pinging If it works, you don't need to mess with the local DNS server.

Now for the network interfaces:

sudo nano /etc/network/interfaces

# The loopback network interface<br /> auto lo<br /> iface lo inet loopback</p> <p># The primary network interface<br /> auto eth0<br /> iface eth0 inet dhcp<br /> post-up iptables-restore < /etc/iptables.up.rules</p> <p># LAN Interface<br /> auto eth1<br /> iface eth1 inet static<br /> address<br /> netmask

Now, for the next file:

sudo nano /etc/iptables.up.rules

# Generated by iptables-save v1.4.8 on Sat Jul 10 10:14:52 2010<br /> *nat<br /> :PREROUTING ACCEPT [75044:8540159]<br /> :POSTROUTING ACCEPT [1360:169898]<br /> :OUTPUT ACCEPT [37035:3065074]<br /> -A POSTROUTING -o eth0 -j MASQUERADE<br /> COMMIT<br /> # Completed on Sat Jul 10 10:14:52 2010<br /> # Generated by iptables-save v1.4.8 on Sat Jul 10 10:14:52 2010<br /> *filter<br /> :INPUT DROP [45:5599]<br /> :FORWARD ACCEPT [0:0]<br /> :OUTPUT ACCEPT [13:2823]<br /> -A INPUT -p tcp -m tcp -m multiport --dports 22 -j ACCEPT<br /> -A INPUT -i lo -j ACCEPT<br /> -A INPUT -i eth1 -j ACCEPT<br /> -A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT<br /> -A FORWARD -i eth1 -o eth0 -j ACCEPT<br /> -A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT<br /> COMMIT<br /> # Completed on Sat Jul 10 10:14:52 2010

And for the last part. This is where you can setup a DHCP Server:

sudo nano /etc/dhcp3/dhcpd.conf

authoritative;<br /> option domain-name-servers;<br /> option routers;</p> <p>subnet netmask {<br /> range;<br /> }

You can then restart your Linux box.

Now, all you need to do is connect your router's LAN ports to the back of your Linux box's Ethernet port associated with eth1.

If your main computer is connected to the router, you will need to log in, disable your router's DHCP server since your Linux box provides one, and change your router's IP address to Your router can be an access point if you have that capability.

So let's recap:

Modem <-> Ubuntu Server <-> Switch/Access Point <-> Computers

If you can access the Internet with your computer that is connected to the Linux box, congrats! Now you can setup a time-based filtering using iptables using the link I've provided. :)

EDIT: Oh, know what? I did not realize that this thread is quite old. Please excuse me for resurrecting this thread.

PC: Tt Core V21; Kaveri APU, 16GB RAM, GTX 960, Arch Linux
Server: Rosewill Legacy V6-S, AMD Athlon 5350 APU, 8GB RAM, 90W DC-IN PSU, Ubuntu Server

Joined: 10/25/2009
Posts: 6

well do u have control over the BNET account...
eg pw and secret question if so.
Go to login.
go to perinatal controls. and u can set what times they can play
but me being a wow player i would kill you

Joined: 10/25/2009
Posts: 6

also who makes your router

Joined: 04/21/2002
Posts: 102

Or you can easily tap into the router from your pc and disable are done.

Case close.

Need For Speed

Joined: 04/21/2002
Posts: 102

Another way is to tap into the router and quickly rebooted from time to time. Most routers have this option.

This will piss anyone off. (lol)

dustyschaffner's picture
Joined: 06/02/2009
Posts: 334

if it was me, in my house, i would just walk down to the basement and unscrew the modem's cable from the coax splitter on the rafters

Joined: 04/21/2002
Posts: 102

There are also those wireless remotes that disable electrity to a wall outlet.
I have a couple of those and works wonders.

Joined: 09/11/2003
Posts: 15

On My router I have it set where only mac addresses I allow can use My router. You could set this up and disable His computers mac address at will. :P

Joined: 04/21/2002
Posts: 102

Tracer when adding MAC addresses to the router just don't include his.
YEs this is to tap into those machines that want to use your wireless for extra security protection.