

Ask HN: Have you used iptables to prevent procrastination? - b3eck

After reading the comments on today's Disconnecting Distraction essay by PG (http://news.ycombinator.com/item?id=192654), I realized that I wanted to throttle my internet usage, not relegate it to a few times during the day.  That way, I could still spend some time online, but the "Unable to connect" page would set off alarms.  Is there anyone out there who uses iptables to prevent procrastination?

Not having used iptables before, but knowing that I wasn't blocking anything because I'm behind a router firewall, I read the man page and implemented some rules that throttled my hourly connections to 200:

    iptables -A OUTPUT ! -p tcp -j ACCEPT             # non-TCP traffic (DNS, ICMP) passes untouched
    iptables -A OUTPUT -p tcp ! --dport 80 -j ACCEPT   # TCP to any port other than 80 passes
    iptables -A OUTPUT -p tcp --dport 80 -m limit --limit 400/hour --limit-burst 500 -j ACCEPT   # port-80 packets: 400/hour sustained, bursts of up to 500
    iptables -A OUTPUT -j REJECT                       # anything left (port-80 traffic over the limit) is refused
Surprisingly, after implementing these commands, I searched on Google and didn't find any mentions of iptables preventing procrastination.  Surely I'm not the only one to have thought of this idea, but it didn't feel right to comment this late on the original article and not help anyone.  It's helped me significantly so far, and even made submitting this question a bit tricky.  So, hopefully these commands help someone else, and if you have better rules, feel free to share...
======
b3eck
Please correct me if I'm wrong, but here's a guess at a Mac OS X version of
the commands:

    sudo ipfw add 1 pipe 1 src-port 80
    sudo ipfw pipe 1 config bw 500Byte/s

------
kogir
Or, if you need full access (including web) to the local subnet, but wish to
restrict your internet access, just remove your default gateway. I do this
regularly with good results.

------
bartman
I actually thought about doing this quite a few times, but ran off
procrastinating instead of reading the man page. Will try, thanks!

~~~
b3eck
Glad you didn't procrastinate this time around...and glad I wasn't the only
one to think of it :-)

------
leisuresuit
just put the sites you waste most of your time on in your hosts file like
this:

127.0.0.1 reddit.com

problem solved, forever.

~~~
sharjeel
I also added this rule but then I started going to anonymouse.org for browsing

------
xlnt
I hear comcast already provides a free service something like this

~~~
b3eck
Yes, my router provides access restrictions by day, hour, website, and
keyword, but I wanted a throttle for my own computer that wouldn't affect the
rest of my family. If you're the only one using the connection, then controls
at the router or at Comcast's routers make sense. Also mentioned on the other
thread was Freedom ( <http://www.ibiblio.org/fred/freedom/> ), a Mac-only
application that disables access for a specific period of time or until you
reboot. However, throttling sounded better to me, and other iptables modules
(e.g. time and owner) can match packets for certain users and certain times of
the day. I haven't thought it all out yet, I'm seeing what helps the most to
improve my efficiency. (RescueTime, feel free to implement this feature :-)
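The OP's rule set and the time and owner modules mentioned in this reply, combined into one script as an added example (not code from the thread). It assumes Linux iptables with the conntrack, multiport, owner, time and limit matches available; the chain name, user name and working hours are placeholders. It goes beyond the original rules in one respect: only the first packet of a new TCP session is counted, so the limit really is per connection rather than per packet.

```shell
#!/bin/sh
# Added example, not code from the thread. Rate-limits new outbound
# HTTP/HTTPS sessions for one Unix user during weekday working hours.
# Placeholders: chain PROCRASTINATE, user alice, 09:00-17:00 Mon-Fri.
IPTABLES="${IPTABLES:-iptables}"     # set IPTABLES=echo for a dry run
CHAIN="PROCRASTINATE"
USER_NAME="${USER_NAME:-alice}"
RATE="${RATE:-200/hour}"             # sustained new sessions per hour
BURST="${BURST:-20}"                 # token bucket size: short bursts allowed
# --kerneltz uses the kernel's local time zone; without it times are UTC.
HOURS="-m time --timestart 09:00 --timestop 17:00 --weekdays Mon,Tue,Wed,Thu,Fri --kerneltz"

apply_rules() {
    # A private chain keeps the rules easy to remove (see remove_rules).
    $IPTABLES -N "$CHAIN"
    # Only the first packet of a new session to 80/443 enters the chain;
    # packets of established sessions never do, so the limit is per session.
    $IPTABLES -A OUTPUT -p tcp -m multiport --dports 80,443 \
        -m conntrack --ctstate NEW -j "$CHAIN"
    # Sessions opened by any other local user (the rest of the family) pass.
    $IPTABLES -A "$CHAIN" -m owner ! --uid-owner "$USER_NAME" -j RETURN
    # Within working hours: allow up to RATE new sessions (plus BURST),
    # reject the rest with a TCP reset. Outside those hours neither rule
    # matches and the packet returns to OUTPUT, which accepts it.
    $IPTABLES -A "$CHAIN" $HOURS -m limit --limit "$RATE" --limit-burst "$BURST" -j RETURN
    $IPTABLES -A "$CHAIN" $HOURS -p tcp -j REJECT --reject-with tcp-reset
}

remove_rules() {
    $IPTABLES -D OUTPUT -p tcp -m multiport --dports 80,443 \
        -m conntrack --ctstate NEW -j "$CHAIN"
    $IPTABLES -F "$CHAIN"
    $IPTABLES -X "$CHAIN"
}

# Usage: sudo ./throttle.sh apply | remove; ./throttle.sh show prints the commands.
case "${1:-}" in
    apply)  apply_rules ;;
    remove) remove_rules ;;
    show)   IPTABLES=echo apply_rules ;;
esac
```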

~~~
xlnt
I was actually making a joke about how they silently kill some of your traffic
for you.

~~~
b3eck
Yes, fortunately they're still up at port 6881 and have a ways to go to get
down to 80 :-)

