Question: How can I restrict/allow access to certain service on timely basis with iptables? For example restrict access to SSH between 7:00 pm – 8:00 am on weekdays?
Answer: You are welcome to use iptables patch-o-matic extension (pom or p-o-m) that allows you to match a packet based on its arrival or departure (for locally generated packets) timestamp. The syntax is the following:
iptables RULE -m time --timestart TIME --timestop TIME --days DAYS -j ACTION
Where:
--timestart TIME: Time start value (format is 00:00-23:59)
--timestop TIME: Time stop value (the same format)
--days DAYS: a list of days to apply, from (format: Mon, Tue, Wed, Thu, Fri, Sat, Sun).
To add the rule stated in the question use the following command:
iptables -A INPUT -p tcp -d 192.168.0.1 --dport 22 -m time --timestart 19:00 --timestop 8:00 -days Mon,Tue,Wed,Thu,Fri -j DROP
Hope it helps!
0 Responses to “FAQ: Iptables rules on timely basis”