How can I turn off internet for roommates that haven't paid the bill this month?
Solution 1
- Make a bash script which adds restrictive iptables rule.
- Put this script in monthly cron.
- Inside the bash script make a condition - if file
~/do_not_block_friends
exists and its modification time is within of month period (stat -c %y filename
) - do not run the script. - Once they pay you do
touch ~/do_not_block_friends
.
Script will run and see that do_not_block_friends
was modified, so it will not run iptables command.
If they did not pay you - script will block them.
Once they have paid you run another prepared script to unlock them.
This is general plan without much details, but I do not think it will be hard to figure out rest of it.
Edit:
Here is more simple way of writing such script:
#!/bin/bash
count=`find ~ -maxdepth 1 -type f -name do_not_block_friends -mtime -31 | wc -l`
if [ "$count" -eq 1 ]; then
# Friends have paid. Do nothing;
else
# Friends have not paid. Run iptables command;
fi
We use find
command with following options:
maxdepth 1
- Do not search recursivetype f
- Search for filename
- Search for this namemtime -31
- Find file which was modified less than 31 days ago
wc -l
will count amount of rows generated by the command. It will be 0
if friends have not paid (nothing found) and it will be 1
if friends did pay and we did touch
control file.
This script does not calculate amount of days in the month and defaults to 31, I think it is fine since we are not building commercial billing system, but I believe even that can be calculated in bash.
Solution 2
It might be more than you're looking for, but have you considered looking into setting up wireless credentials using 802.1x authentication against RADIUS as a backend?
RADIUS can be set up to check whatever validator you desire (something you'll probably have to script and store in a database or something) to see if your roomies have paid their rent. When they authenticate and have paid, the RADIUS authenticates them. Otherwise, it doesn't. The positive aspect to this is that you're not relying on filtering on MAC addresses. That way if you have tech savvy roomies, they won't easily be able to bypass the controls you've put in place.
Solution 3
Check whether your bank account or another transaction solution you may use (PayPal?) provides any way of automatic payment notification, like:
- per-transaction e-mail notification
- daily transaction summary e-mail
- some decent API
If any such method is available, all that's left is writing some simple script that would monitor for payments. You may just parse the e-mails from bank seeking for the monthly payments from your friends. You would need a configuration file storing each friend's account number or ID, sum to pay (might also be a global constant) and MAC address.
The script would then adjust firewall entries according to the monthly payment status.
Afterwards, inform your friends of available payment options and - while configuring your firewall - remember to provide your friends with access to the payment mechanism so that they can still pay when missed the 3-day grace period :)
Related videos on Youtube
spuder
Automation Engineer Deving all of the Ops in Lehi, Utah. Primarily focused in: Puppet Chef Docker #SOreadytohelp
Updated on September 18, 2022Comments
-
spuder over 1 year
I have several roommates who split my internet bill with me each month. On occasion they forget to pay me, and I have to pester them for the money.
If after 3 days of pestering they still haven't paid, I create a firewall rule in my unix based router that blocks traffic to their mac address. This proves to be very effective at getting delinquent roommates to pony up the cash.
How could I automate the adding / removing of a mac address to a firewall rule on the 3rd of every month? I'd like a simple way to unblock them for the rest of the month once they pay.
I'm currently using pfsense. While there is a captive portal module, it doesn't support regulating access per user / per month.
How could I automate blocking/unblocking roommate internet access?
-
NReilingh over 10 yearsWhat you're doing right now sounds like the most efficient way about it -- I can't imagine a captive portal solution being anything more than complete overkill. If anything, you could make a simple shell script to automate the rule adds themselves.
-
Mark Lopez over 10 yearsMAC address are very, very, easy to change and should not be used to form any measure of security. Windows requires one registry edit. Linux requires one command. With one command in Linux he could even copy your MAC address. Seems to me that a better solution would be automate a password change once a month. Restrict access based on your knowledge rather than his lack of there of.
-
VL-80 over 10 years@MarkLopez, you brought up very good point. On my opinion it highly depends on users' education. If roommates are geeks like you - than more serious protection actions must be taken. If roommates are average Windows/Facebook/YouTube users I would be complete happy with MAC address based security. It is highly possible that when you say "MAC address" for them it is same thing as I can build a GUI in Visual Basic and track an IP Address
-
Mark Lopez over 10 years@Nikolay you're right, MAC address changing might be a more advance topic. However, I just wanted to stress that for reference by our posterity - MAC filtering is unreliable. Additionally, MAC filtering in most cases is not the best solution. I want to displace the numerous tutorials online that say MAC filtering is a good security practice.
-
spuder over 10 yearsFor just regulating roommates, mac address spoofing is a very low risk.
-
MDT Guy over 10 yearsKeep it on the down low that you're using MAC addresses, again, they're easily spoofed if one knows what their doing.
-
spuder over 10 yearsMost of my roommates are not technologically savvy. If they did change their mac, I'd figure it out pretty quickly because I'd notice that they aren't paying, but are still using the internet.
-
MDT Guy over 10 yearsYeah, it really sounds like a captive portal would be overkill...
-
VL-80 over 10 yearsBased on your EDIT. What should happen if they pay you late - on 5-th day, etc ? Should "block day" be moved on 5-th of the next month or it should stay 3-rd?
-
spuder over 10 yearsThe block day won't move. The bill is due on the same day every month.
-
leo of borg over 10 yearsBear in mind, everyone, this is a ROOMMATE situation. Instead of trying to block their addresses by MAC, @spuder, I would recommend that you ALLOW only your MAC addresses, and exclude all others. If you have 4 devices then you only allow those. All other MAC addresses (even spoofed) would be excluded. Remember this ONLY an apartment, right? Then, when your sly roomies try to MAC addy spoof... and it doesn't work... you smile. Remember kids: Sometimes it pays to "invert" your thinking...
-
leo of borg over 10 yearsAnd: You can then ask the more responsible roomies 'who pay on time' for their MAC addresses, made a 'preferred pool'... etc. This also cuts unwanted guests from MAC spoofing you as well.
-
SQB over 10 yearsI'm surprised nobody has mentioned the Upside-Down-Ternet yet. Way more fun then just blocking.
-
Ryan Williams over 10 yearsI can't help but imagine Dwight writing this question. ;) How is rent paid, and are any of your room mates not using the internet? I find it's better to handle all monthly bills as a lump sump when it comes to paying for things together rather than chasing everyone for electricity, internet, rent, etc. Even better if it can just be set up as a bank standing order.
-
spuder over 10 yearsIt is student housing. The utilities are included in the rent and are paid individually at the front desk of the apartment complex. The internet is google fiber which is in my name. It is the only bill that is split.
-
PsychoData over 10 yearsCisco Meraki products offer billing systems built right in. You could make them sign up for a plan that worries about making sure they pay you on its own. kb.meraki.com/knowledge_base/…
-
leeand00 over 10 yearsCan anyone pair this down to...just websites your kids shouldn't visit before they have their homework done :-D
-
Ryan Williams over 10 yearsCan you negotiate an agreement with the complex to have them also handle the internet payments? Even if it's just paying it to you?
-
spuder over 10 yearsNo they won't go for that because they have 500 tenants to keep track off.
-
VL-80 about 10 yearsWow. I was wondering why so suddenly I got 5 up votes from old question...
-
spuder about 3 yearsRelevant project tomshardware.com/amp/how-to/website-switches-raspberry-pi
-
-
PsychoData over 10 yearsbest solution for real life. and would easily be adaptable to new/more roommates or other people like adding your significant other so it wouldnt block them
-
MDT Guy over 10 yearssounds simple enough, better than mac filtering and simpler than a portal
-
iamkrillin over 10 yearsyea, but then he'll have to pay processing fees, since hes in college thats no good
-
Rob over 10 yearsCron job is definitely the way to go!