FAQ: Iptables rules on timely basis


Question: How can I restrict or allow access to a certain service on a time basis with iptables? For example, restrict access to SSH between 7:00 pm and 8:00 am on weekdays?

Answer: You can use the iptables patch-o-matic extension (pom or p-o-m), which lets you match a packet based on its arrival or departure (for locally generated packets) timestamp. The syntax is as follows:

iptables RULE -m time --timestart TIME --timestop TIME --days DAYS -j ACTION

Where:

--timestart TIME: Time start value (format is 00:00-23:59)
--timestop TIME: Time stop value (the same format)
--days DAYS: a comma-separated list of days on which the rule applies (format: Mon, Tue, Wed, Thu, Fri, Sat, Sun).

To add the rule stated in the question use the following command:

iptables -A INPUT -p tcp -d 192.168.0.1 --dport 22 -m time --timestart 19:00 --timestop 08:00 --days Mon,Tue,Wed,Thu,Fri -j DROP
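
An added example, not part of the original post: a Python model of how the rule above is evaluated, useful for checking which hours of the week it really covers. It assumes the match tests the day list against the packet's own calendar day and treats a start later than the stop as a window wrapping past midnight; `time_match` and `blocked_hours` are hypothetical helper names.

```python
from datetime import datetime

DAY_NAMES = ["Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun"]  # datetime.weekday() order


def to_minutes(hhmm):
    """Convert an HH:MM string to minutes since midnight."""
    hours, minutes = (int(part) for part in hhmm.split(":"))
    if not (0 <= hours <= 23 and 0 <= minutes <= 59):
        raise ValueError(f"time out of range: {hhmm}")
    return hours * 60 + minutes


def time_match(when, timestart, timestop, days):
    """Return True if a packet seen at `when` would match the rule.

    Assumed semantics: the day list is tested against the packet's own
    calendar day, both bounds are inclusive, and timestart > timestop
    means the window wraps past midnight.
    """
    allowed = {day.strip() for day in days.split(",")}
    unknown = allowed - set(DAY_NAMES)
    if unknown:
        raise ValueError(f"unknown day name(s): {sorted(unknown)}")
    if DAY_NAMES[when.weekday()] not in allowed:
        return False
    now = when.hour * 60 + when.minute
    start, stop = to_minutes(timestart), to_minutes(timestop)
    if start <= stop:
        return start <= now <= stop
    return now >= start or now <= stop  # wrapped window, e.g. 19:00 to 08:00


def blocked_hours(timestart, timestop, days):
    """Map each day name to the clock hours (sampled at hh:30) that match."""
    schedule = {}
    for offset, name in enumerate(DAY_NAMES):
        # Constructed sample week: 2024-01-01 is a Monday.
        schedule[name] = [
            hour for hour in range(24)
            if time_match(datetime(2024, 1, 1 + offset, hour, 30),
                          timestart, timestop, days)
        ]
    return schedule


if __name__ == "__main__":
    rule = ("19:00", "08:00", "Mon,Tue,Wed,Thu,Fri")  # the rule from this FAQ
    for day, hours in blocked_hours(*rule).items():
        print(f"{day}: SSH dropped during hours {hours}")
```

Under these assumptions Monday 00:00-08:00 is dropped while Saturday 00:00-08:00 is not, so the Friday-night window ends at midnight. The time match shipped with current iptables names the day option --weekdays and compares against UTC unless --kerneltz is given, so confirm the option names and timezone handling of the module on your system.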

Hope it helps!
