How can I turn off internet for roommates that haven't paid the bill this month?

I have several roommates who split my internet bill with me each month. On occasion they forget to pay me, and I have to pester them for the money.

If after 3 days of pestering they still haven't paid, I create a firewall rule in my unix based router that blocks traffic to their mac address. This proves to be very effective at getting delinquent roommates to pony up the cash.

How could I automate the adding / removing of a mac address to a firewall rule on the 3rd of every month? I'd like a simple way to unblock them for the rest of the month once they pay.

I'm currently using pfsense. While there is a captive portal module, it doesn't support regulating access per user / per month.

How could I automate blocking/unblocking roommate internet access?


Solution 1:

  1. Make a bash script which adds restrictive iptables rule.
  2. Put this script in monthly cron.
  3. Inside the bash script make a condition - if file ~/do_not_block_friends exists and its modification time is within of month period (stat -c %y filename) - do not run the script.
  4. Once they pay you do touch ~/do_not_block_friends.

Script will run and see that do_not_block_friends was modified, so it will not run iptables command.

If they did not pay you - script will block them.

Once they have paid you run another prepared script to unlock them.

This is general plan without much details, but I do not think it will be hard to figure out rest of it.

Edit:

Here is more simple way of writing such script:

#!/bin/bash

count=`find ~ -maxdepth 1 -type f -name do_not_block_friends -mtime -31 | wc -l`

if [ "$count" -eq 1 ]; then

# Friends have paid. Do nothing;

else

# Friends have not paid. Run iptables command;

fi

We use find command with following options:

  • maxdepth 1 - Do not search recursive
  • type f - Search for file
  • name - Search for this name
  • mtime -31 - Find file which was modified less than 31 days ago

wc -l will count amount of rows generated by the command. It will be 0 if friends have not paid (nothing found) and it will be 1 if friends did pay and we did touch control file.

This script does not calculate amount of days in the month and defaults to 31, I think it is fine since we are not building commercial billing system, but I believe even that can be calculated in bash.

Solution 2:

It might be more than you're looking for, but have you considered looking into setting up wireless credentials using 802.1x authentication against RADIUS as a backend?

RADIUS can be set up to check whatever validator you desire (something you'll probably have to script and store in a database or something) to see if your roomies have paid their rent. When they authenticate and have paid, the RADIUS authenticates them. Otherwise, it doesn't. The positive aspect to this is that you're not relying on filtering on MAC addresses. That way if you have tech savvy roomies, they won't easily be able to bypass the controls you've put in place.

Solution 3:

Check whether your bank account or another transaction solution you may use (PayPal?) provides any way of automatic payment notification, like:

  • per-transaction e-mail notification
  • daily transaction summary e-mail
  • some decent API

If any such method is available, all that's left is writing some simple script that would monitor for payments. You may just parse the e-mails from bank seeking for the monthly payments from your friends. You would need a configuration file storing each friend's account number or ID, sum to pay (might also be a global constant) and MAC address.

The script would then adjust firewall entries according to the monthly payment status.

Afterwards, inform your friends of available payment options and - while configuring your firewall - remember to provide your friends with access to the payment mechanism so that they can still pay when missed the 3-day grace period :)