Tux Training

Sections
- Applications (41)
  - Gimp (1)
- Basics (65)
- Commandline Tools (54)
- Cracking (6)
- Desktop Environments (15)
  - Fluxbox (4)
  - Gnome (5)
  - KDE (5)
  - Xfce (1)
- Distribution Specific (43)
  - Arch (1)
  - Debian (6)
  - Fedora (6)
  - Gentoo (2)
  - Mandriva (2)
  - OpenSuse (19)
  - Redhat (3)
  - Ubuntu (15)
- Hardware (10)
- Linux+ (33)
- Misc. (1)
- Multimedia (6)
- Networking (41)
- Non-Linux OSes (2)
  - FreeBSD (1)
  - OpenSolaris (1)
- Scripts and Commands (3)
- Security (48)
- Servers (13)
  - CMS (1)
  - LAMP (9)
    - Apache (4)
    - Mysql (4)
    - Php (1)
  - Samba (2)
- Tweaks (20)
- Uncategorized (1)
- Virtualization (2)
- Windows (4)
Polls
Why Do You Use Linux (Pick Your Best Reason)
- The GPL License
- Free as in Beer
- Security
- Stability
- The Software Available
- How customizable it is
- Just to make Steve Ballmer mad
View Results
Loading ...
Archives
Ads

Time Based iptables rules with patch-o-matic extension

Posted on May 15th, 2008 in Networking, Security by admin

How can you restrict/allow access to certain service on timely basis with iptables? For example restrict access to SSH between 7:00 pm - 8:00 am on weekdays?

You are welcome to use iptables patch-o-matic extension (pom or p-o-m) that allows you to match a packet based on its arrival or departure (for locally generated packets) timestamp.

The syntax is the following:

iptables RULE -m time –timestart TIME –timestop TIME –days DAYS -j ACTION

Where:

–timestart TIME: Time start value (format is 00:00-23:59)
–timestop TIME: Time stop value (the same format)
–days DAYS: a list of days to apply, from (format: Mon, Tue, Wed, Thu, Fri, Sat, Sun).

To add the rule stated in the question use the following command:

iptables -A INPUT -p tcp -d 192.168.0.1 –dport 22 -m time –timestart 19:00 –timestop 8:00 -days Mon,Tue,Wed,Thu,Fri -j DROP

Hope it helps!

[source: http://www.linuxscrew.com/]

Also See:

Bookmark It