Craig Rodway

things I've said and made

Internet Control

25 July 2009GPL, AutoIt, IPCopComplete

IPCop

IPCop is a community Linux firewall distribution, which was forked from Smoothwall a long time ago. It is used at the school as a firewall, router, and filtering proxy service (with the help of several addons). These addons are Advanced Proxy and URL Filter.

Classroom Extensions

Part of the Advanced Proxy addon is the Classroom Extensions (CRE) feature. It allows the definition of ‘rooms’ (based on IP addresses), and these rooms can have their internet turned on and off at the click of a button from within the web-based interface from permitted clients (supervisors). A pitfall of this feature is that viewing the CRE access page in a browser from a supervisor IP address makes it possible to modify access for all defined rooms. In the school environment, this is undesirable.

Internet Control

What was needed was a simple GUI for staff, which allowed them to turn internet access on and off for their room only. The script was created in AutoIt and converted to an executable for use on the network. It is launched from a shared folder.

When launched, it would consult an INI file to work out which room it should control. Using HTTP requests, it gets the CRE access page and then parses it to determine the room’s current status. Two buttons would be presented to the user (on and off), with the unavailable option in a disabled state. When a button is clicked, an appropriate HTTP request is sent to the CRE access page, the action is carried out, and the button states are switched.

Example INI file

[computers]
ict1-teacher=ict1
sdyc-teacher=sdyc
ict2-teacher=ict2
ict3-teacher=ict3
ict4-teacher=ict4

In the above example INI file, the key is the computer name and the CRE ‘room’ is the value. The workstation named ict1-teacher can only control the CRE room ict1.

Updater

Due to the nature of CRE using IP addresses, its list of rooms and their IP addresses can soon become out of date in a DHCP environment. On the IPCop box, the lists are stored as a plain-text INI-type file. In order to keep the lists up to date, another AutoIt script was created that runs as a scheduled task. This script:

• Parses Active Directory locations via LDAP
• Retrieves computers and gets their IP addresses
• Writes the information to an INI file
• Copies the INI file to the IPCop box via SCP
• Restarts Squid via SSH, so it consumes the updated lists

The updater script requires three external files for the SCP file transfer to function:

• plink.exe
• pscp.exe
• key.ppk – SSH key for password-less login to the root account on the IPCop box

It will need to be edited to suit your network, and optionally compiled.

Project links

• Controller source
• Updater source
• Manual
• AutoIt Website

Latest articles

• Twitter causes world silence
• Alternative Facebook groups and apps
• What's wrong with the Spotify GUI
• HF'r
• Snowfall closes Britain
• Apple unveil iPod Grain
• General Certificate of Silly Examinations
• Drinks cans for dummies

All projects

• Classroombookings
• Internet Control
• Login Tracker
• Zimbra, Pre-authentication and Prism

Latest from Flickr

 

Me at other places

• Delicious
• Facebook
• Flickr
• Last.fm
• Twitter