I found from the manual for /etc/shorewall/rules that Shorewall can have rules active on a particular time period of each day or particular days of the week or month, or a range defined by dates and times if supported by the kernel and iptables. The following can be checked:
#shorewall show capabilities | grep Time
Time Match: Available
#rpm -qa | grep shorewall
shorewall-4.4.19.1-2-mdv2011.0.noarch
#uname -r
2.6.38.7-server-1mnb2
The TIME field should be the 12th field in the rules file (after the CONNLIMIT field and before the HEADERS field). The following creates a rule blocking the local IP address 192.168.1.100 from accessing the internet between 18:45 and 21:00 every day, in my local time zone (instead of UTC):
#ACTION SOURCE DEST PROTO DEST_PORT SOURCE_PORT ORIGINAL_DEST RATE USER/GROUP MARK CONNLIMIT TIME HEADERS
DROP loc:192.168.1.100 all all - - - - - - - timestart=18:45&timestop=21:00&localtz
#service shorewall reload
#iptables -L | grep TIME
DROP all -- 192.168.1.100 anywhere TIME from 18:45:00 to 21:00:00
DROP all -- 192.168.1.100 anywhere TIME from 18:45:00 to 21:00:00
DROP all -- 192.168.1.100 anywhere TIME from 18:45:00 to 21:00:00
DROP all -- 192.168.1.100 anywhere TIME from 18:45:00 to 21:00:00
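The TIME column is what Shorewall turns into an iptables `-m time` match. The POSIX sh function below is an added illustration, not code from the original post or from Shorewall itself: it translates a TIME column value into the corresponding iptables time-match options and rejects malformed elements (for instance a `timestart=18:45×top=21:00` left over from an HTML `&times;` entity). It assumes the element names from shorewall-rules(5) and the option names of the libxt_time extension, and it emits `--localtz` explicitly even though that is the xt_time default.

```shell
# shorewall_time_to_iptables SPEC
# Translate one Shorewall rules-file TIME column (elements joined by '&')
# into the iptables '-m time' options it corresponds to. Element names
# follow shorewall-rules(5); option names follow libxt_time (both assumed
# from their documentation, not taken from the original post).
shorewall_time_to_iptables() {
    spec=$1
    out="-m time"
    # Split SPEC on '&' without globbing or bash-only arrays.
    old_ifs=$IFS
    set -f; IFS='&'; set -- $spec; IFS=$old_ifs; set +f
    for elem in "$@"; do
        key=${elem%%=*}    # text before the first '='
        val=${elem#*=}     # text after the first '='
        case $key in
            timestart|timestop)
                # hh:mm or hh:mm:ss only; anything else (e.g. a garbled
                # 'timestart=18:45×top=21:00') is rejected.
                case $val in
                    [0-2][0-9]:[0-5][0-9]|[0-2][0-9]:[0-5][0-9]:[0-5][0-9]) ;;
                    *) echo "bad $key value: $val" >&2; return 1 ;;
                esac
                out="$out --$key $val" ;;
            weekdays|monthdays|datestart|datestop)
                [ "$val" != "$elem" ] && [ -n "$val" ] ||
                    { echo "missing value for $key" >&2; return 1; }
                out="$out --$key $val" ;;
            utc|localtz|kerneltz|contiguous)
                # Flags take no value; '--localtz' is xt_time's default but
                # is emitted so the generated rule is self-describing.
                [ "$val" = "$elem" ] || { echo "$key takes no value" >&2; return 1; }
                out="$out --$key" ;;
            *)
                echo "unknown TIME element: $elem" >&2; return 1 ;;
        esac
    done
    printf '%s\n' "$out"
}

# Stand-alone use: print the match for the TIME column given as $1, e.g.
#   sh this.sh 'timestart=18:45&timestop=21:00&localtz'
if [ $# -gt 0 ]; then shorewall_time_to_iptables "$1"; fi
```

For the rule in the post the function prints `-m time --timestart 18:45 --timestop 21:00 --localtz`, which is the match that appears as `TIME from 18:45:00 to 21:00:00` in the `iptables -L` output above.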