From: Payal Rathod <payal-netfilter@staticky.com>
To: Netfilter ML <netfilter@lists.netfilter.org>
Subject: changing rules at a defined time
Date: Wed, 24 Dec 2003 09:29:36 +0000
Message-ID: <20031224092936.GB27890@staticky.com>

Hi,
I have a very basic LAN setup question like,

- till 16:00 p.m. all ips can just use ftp but ips 192.168.0.1
  and 192.168.0.100 can do anything

- after 4:00 afternoon all can do anything till 5:00 after which again
  the above [1st rules] are to be applied.

I am thinking of doing,

[For step 1]: - Policy ACCEPT for FORWARD

iptables -A FORWARD -s 192.168.0.1 -p tcp -j ACCEPT
iptables -A FORWARD -s 192.168.0.100 -p tcp -j ACCEPT
iptables -A FORWARD -s 192.168.0.0/32 -p tcp --dport 21 -j ACCEPT
iptables -A FORWARD -s 0/0 -p tcp -j DROP

[For step 2]: - Policy ACCEPT for FORWARD

iptables -A FORWARD -p tcp -j ACCEPT

Maybe same for udp.


Now my question is, 

1> Do the above steps look ok? I will refine them further. Right now, are
they workable?

2> If I want to change the rules at 16:00, what is the best way to change
them? I was thinking of flushing with iptables -F and iptables -F -t nat
and then running the second step.
Similarly, at 17:00 do the same kind of flushes and run the 1st step from a
file? Is this approach ok or is there anything better?

Thanks a lot in advance and bye.

With warm regards,
-Payal

-- 
For GNU/Linux Success Stories and Articles visit:
          http://payal.staticky.com
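
One way to do the switch asked about in question 2 without a flush, as an added example that is not part of the original message: with policy ACCEPT, `iptables -F` leaves FORWARD open to everything until the next rules are loaded, while `iptables-restore` swaps the whole table in one commit. Assumptions: the LAN is 192.168.0.0/24 (the `/32` in the post matches a single address), the gateway's filter table holds only these FORWARD rules, the script name `switch-rules.sh` is hypothetical, and the restricted set uses a default-drop policy plus a state rule for return traffic, which the post does not.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumptions: LAN is 192.168.0.0/24; the filter table holds only these
# FORWARD rules (iptables-restore replaces the whole table it is given).

# window_for HHMM -> "open" from 16:00 up to (not including) 17:00,
# otherwise "restricted". Accepts "1600" or "16:00".
window_for() {
    t=$(printf '%s' "$1" | tr -d ':')
    t=${t#0}; t=${t#0}; t=${t#0}          # strip leading zeros, keep one digit
    if [ "${t:-0}" -ge 1600 ] && [ "${t:-0}" -lt 1700 ]; then
        echo open
    else
        echo restricted
    fi
}

# ruleset_for WINDOW -> complete filter table in iptables-restore format.
ruleset_for() {
    echo '*filter'
    echo ':INPUT ACCEPT [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    if [ "$1" = open ]; then
        echo ':FORWARD ACCEPT [0:0]'
    else
        echo ':FORWARD DROP [0:0]'
        # Return packets of allowed connections. Side effect: connections
        # opened during the open window keep flowing after 17:00 until they
        # end. RELATED covers FTP data channels only when the FTP conntrack
        # helper is loaded.
        echo '-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT'
        echo '-A FORWARD -s 192.168.0.1 -j ACCEPT'
        echo '-A FORWARD -s 192.168.0.100 -j ACCEPT'
        echo '-A FORWARD -s 192.168.0.0/24 -p tcp --dport 21 -j ACCEPT'
    fi
    echo 'COMMIT'
}

# Run from cron at 16:00 and 17:00, and at boot, as: switch-rules.sh apply
# The set is derived from the clock, so a missed cron run self-corrects on
# the next one. --test parses the rules without committing them.
if [ "${1:-}" = apply ]; then
    w=$(window_for "$(date +%H%M)")
    ruleset_for "$w" | iptables-restore --test &&
        ruleset_for "$w" | iptables-restore
fi
```

Running the script without `apply` changes nothing; `ruleset_for restricted` can be printed and reviewed before it is put into cron.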


Thread overview: 6+ messages
2003-12-24  9:29 Payal Rathod [this message]
2003-12-24  9:47 ` changing rules at a defined time Chris Brenton
2003-12-24 10:01 ` Cedric Blancher
2003-12-24 10:11 ` Antony Stone
2003-12-24 13:26   ` Payal Rathod
2003-12-24 13:42     ` Antony Stone
