FAQ: Iptables rules on timely basis

Welcome to Linux Screw! If you're new here, you may want to subscribe our RSS feed.

netfilter logo 2 Question: How can I restrict/allow access to certain service on timely basis with iptables? For example restrict access to SSH between 7:00 pm - 8:00 am on weekdays?

Answer: You are welcome to use iptables patch-o-matic extension (pom or p-o-m) that allows you to match a packet based on its arrival or departure (for locally generated packets) timestamp. The syntax is the following:

iptables RULE -m time --timestart TIME --timestop TIME --days DAYS -j ACTION

Where:

--timestart TIME: Time start value (format is 00:00-23:59)
--timestop TIME: Time stop value (the same format)
--days DAYS: a list of days to apply, from (format: Mon, Tue, Wed, Thu, Fri, Sat, Sun).

To add the rule stated in the question use the following command:

iptables -A INPUT -p tcp -d 192.168.0.1 --dport 22 -m time --timestart 19:00 --timestop 8:00 -days Mon,Tue,Wed,Thu,Fri -j DROP

Hope it helps!

Friendly Sites:	Who is behind Linux Screw?
Aspiring Sysadmin \| GeekyBits³ \| Bash Cures Cancer \| TOTMS Linux Operating System \| Small Linux Deployments \| My SysAd Blog The Danesh Project \| ZEPY \| LinuxHaxor.net \| Planet Sysadmin The Sys Admin \| {buhay sysad} \| a non-geek's linux notes CyberCapital.Org \| G-LOADED! \| The Linux Alternative Project	My name is Artem Nosulchik (artiomix AT gmail DOT com) and I'm Linux/Unix, Cisco systems engineer. The main idea of Linux Screw is to share relevant knowledge, skills and observations over The Web. Here you can find a lot of information related to different Linux distributions, FreeBSD, IOS as well as a other Open Source around staff. Read more ››

Linux Screw

FAQ: Iptables rules on timely basis

0 Responses to “FAQ: Iptables rules on timely basis”

Leave a Reply

Categories

Most Popular Posts

Recent Ideas

Recent Posts

Linux Screw Recommends

Our sp0ns0rs