This is correct. I will restrict for some user the traffic and the time. Because some User make heavy traffic in the month. The time restriction ist to have a control.
To restrict all IP traffic is not possible yet. The packet filter configuration does not allow to set time-based rules. But you can restrict http access by using RADIUS authentication for a defined time. Look at www.astaro.com/kb for more informattion" /bagira
Bagira is probably well aware of this, but his answer is the "safe" one. If you do what I offer as an option, you have to be responsible for your mistakes and know what you're doing.
As for regulation of MAC addresses, there have been many posts about this. Since it is child's play these days to tinker with the MAC address, there is no big security advantage in regulating it, so Astaro has not made MAC rules a priority feature to be added.
The iptables command has a --mac-source switch, so if you're a "psycho" (and I mean that in a complementary way...), you could add it to routes.local (Search...)
Just had to solve the time restriction problem as well, and fortunately found in another thread a reference to the "acl ... time" option in Squid, see Squid manual.
So to restrict all accesses via the HTTP proxy from 1500 to 0500 for all days of the week, add the line
acl Safe_ports time SMTWHFA 05:00-15:00
before line [] in the file /var/storage/chroot-squid/etc/squid.conf-default
Then in WebAdmin, go to the HTTP proxy page, and add & remove again any port to the "Allowed Target Services:". This forces a refresh of the squid.conf file from squid.conf-default, and a reload of those options into Squid.
Cross-check that the additional acl.. time line is there less /var/storage/chroot-squid/etc/squid.conf
That's all, except that you have to check after every Up2Date if the additional is still there, and redo this procedure if squid.conf-default should have been overwritten by an update.
Please note that this "command line hack" voids support. But it works for for three of my ASL boxes (v5.103).
