![Time based iptables rules](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhg0bHh3TrRpH7sqrLM0kA8wpZaahMvBfAfKHR8JKKMlvHCs4s_4IpYaSPqXHZEHn6U4rAzgEE5qekOszEao0q7y6y47pXAXsVYTOHLHkdWi-YeCJ7zMDW4byA_QdPt2i16fndu1XuVAyc/s320/netfilter-logo2.png)
Question: How can I restrict or allow access to a certain service on a time basis with iptables? For example, how do I block access to SSH between 7:00 pm and 8:00 am on weekdays?
Answer: You can use the `time` match from the iptables patch-o-matic extensions (pom or p-o-m), which matches a packet on its arrival timestamp (or its departure timestamp, for locally generated packets). The syntax is:
```
iptables RULE -m time --timestart TIME --timestop TIME --days DAYS -j ACTION
```
Where:
- `--timestart TIME`: start of the time window (format 00:00-23:59)
- `--timestop TIME`: end of the time window (same format)
- `--days DAYS`: comma-separated list of days on which the rule applies (Mon, Tue, Wed, Thu, Fri, Sat, Sun)
To add the rule stated in the question, use the following command (the option is `--days` with two dashes, and hours use two digits as in the format above):
```
iptables -A INPUT -p tcp -d 192.168.0.1 --dport 22 -m time --timestart 19:00 --timestop 08:00 --days Mon,Tue,Wed,Thu,Fri -j DROP
```
Hope it helps!
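The following is an added example (not part of the original post) that builds the rule above from its parameters, validates the time values against the 00:00-23:59 format before anything is applied, and lets you choose between the patch-o-matic option name `--days` and the option name `--weekdays`, which is what the in-tree `xt_time` match that replaced the patch-o-matic module uses. The address 192.168.0.1 and port 22 are the question's values; `time_rule`, `valid_time` and `apply_rule` are names chosen for this example.

```shell
#!/bin/sh
# Added example: build and validate a time-restricted iptables DROP rule.
# Assumptions: the host address and port come from the question; "weekdays"
# is the option name of the in-tree xt_time match, "days" the patch-o-matic one.

# Return 0 if $1 is a time of the form HH:MM within 00:00-23:59, else 1.
valid_time() {
    case "$1" in
        [0-1][0-9]:[0-5][0-9]|2[0-3]:[0-5][0-9]) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the iptables command that drops TCP traffic to port $1 on address $2
# from time $3 to time $4 on the days listed in $5 (comma-separated).
# $6 selects the option name: "days" (patch-o-matic) or "weekdays" (xt_time, default).
time_rule() {
    port=$1; addr=$2; start=$3; stop=$4; days=$5; dayopt=${6:-weekdays}
    valid_time "$start" || { echo "bad start time: $start (use HH:MM)" >&2; return 1; }
    valid_time "$stop"  || { echo "bad stop time: $stop (use HH:MM)" >&2; return 1; }
    printf 'iptables -A INPUT -p tcp -d %s --dport %s -m time --timestart %s --timestop %s --%s %s -j DROP\n' \
        "$addr" "$port" "$start" "$stop" "$dayopt" "$days"
}

# Apply the rule. Set DRY_RUN to a non-empty value to only print the command;
# applying for real needs root and iptables on the host.
apply_rule() {
    cmd=$(time_rule "$@") || return 1
    if [ -n "$DRY_RUN" ]; then
        echo "$cmd"
    else
        eval "$cmd"
    fi
}

# Demonstration: print the rule from the question without applying it.
time_rule 22 192.168.0.1 19:00 08:00 Mon,Tue,Wed,Thu,Fri days
```

Run it as `DRY_RUN=1 sh script.sh` to see the generated command first; `apply_rule 22 192.168.0.1 19:00 08:00 Mon,Tue,Wed,Thu,Fri` then adds it. Two points to check after applying: `iptables -L INPUT -n --line-numbers` should show the rule with the window you expect, and on kernels using the in-tree `xt_time` match the times are interpreted in UTC unless `--kerneltz` is given, so a rule written in local time will shift by the host's UTC offset.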