01-24-2016 12:57 AM - edited 03-08-2019 03:31 AM
I have an issue with iptables.
I was applying an iptables rule with time constraints.
Syntax:
iptables -I INPUT -m time --timestart 9:00 --timestop 18:00 -j DROP
And the rule which I am trying:
iptables -I OUTPUT -p icmp -d 192.168.0.101 -m time --timestart 9:00 --timestop 18:00 -j ACCEPT
And I also installed xtables-addons.
But the above rule does not work properly.
Please can someone guide me on how to resolve the above issue.
01-24-2016 01:31 AM
Check out this guide:
http://www.cyberciti.biz/tips/iptables-for-restricting-access-by-time-of-day.html
Are you sure the machine itself has the correct time?
This isn't really a Cisco question ...
01-24-2016 01:38 AM
Yeah, the machine has the correct time.
01-24-2016 01:39 AM
Looking at your line, you are telling it to "ACCEPT" the packets during this time. Do you have a rule after this to block the traffic when it falls outside this time?
01-24-2016 01:44 AM
Yeah, I have the rule iptables -I OUTPUT -p icmp -j DROP.
Could you please tell me about xtables-addon ...
I think this issue occurs due to the kernel.
01-24-2016 01:52 AM
I'm not sure. I have never used xtables-addon.
01-24-2016 01:54 AM
Without xtables-addon, how can we apply a rule with a time constraint?
01-24-2016 02:02 AM
I use Ubuntu. It doesn't mention in the man page for iptables-extensions having to load any extra modules. It just says to reference it with "-m time".
I haven't used this feature myself.
01-24-2016 02:03 AM
I just saw one article mentioning a kernel patch called Patch-O-Matic needs to be installed. Presumably Ubuntu already has this integrated into the kernel.
01-24-2016 02:07 AM
Yeah, you are right...
But in patch-o-matic we should compile the kernel after every change.
In xtables-addon we should compile only once.
And I am also using Ubuntu, but without patch-o-matic or xtables-addons the rule doesn't work.
01-24-2016 02:14 AM
And the time module is not part of the standard kernel; you need to download and apply a patch from patch-o-matic, or you need xtables-addon.
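An added example, not written by any participant in this thread: a small model of first-match chain evaluation showing how the two OUTPUT rules quoted above behave when both are added with -I versus -A, and how a 09:00-18:00 window behaves when compared against UTC, which iptables-extensions(8) in current releases documents as the default unless --kerneltz is given. The helper names, the order in which the two commands are applied and the sample clock values are assumptions made for illustration.

```python
from datetime import time

# Minimal model of an iptables chain: the first matching rule decides the verdict.
# Assumptions (added for illustration): only the fields used in this thread are
# modelled, and `utc_now` is the clock the time match compares against.

def rule(target, proto=None, dst=None, start=None, stop=None):
    return {"target": target, "proto": proto, "dst": dst, "start": start, "stop": stop}

def in_window(now, start, stop):
    if start is None:
        return True                      # rule has no -m time match
    if start <= stop:
        return start <= now <= stop
    return now >= start or now <= stop   # window wraps past midnight

def verdict(chain, proto, dst, utc_now, policy="ACCEPT"):
    for r in chain:
        if r["proto"] not in (None, proto):
            continue
        if r["dst"] not in (None, dst):
            continue
        if in_window(utc_now, r["start"], r["stop"]):
            return r["target"]
    return policy                        # no rule matched: chain policy applies

def build(op):
    """Apply the two quoted rules, timed ACCEPT first and DROP second, with -I or -A."""
    chain = []
    add = (lambda r: chain.insert(0, r)) if op == "I" else chain.append
    add(rule("ACCEPT", "icmp", "192.168.0.101", time(9, 0), time(18, 0)))
    add(rule("DROP", "icmp"))
    return chain

inserted = build("I")   # -I puts each new rule at position 1, so DROP ends up first
appended = build("A")   # -A keeps the order given: timed ACCEPT, then DROP

if __name__ == "__main__":
    host, noon = "192.168.0.101", time(12, 0)
    print("-I order at 12:00 UTC:", verdict(inserted, "icmp", host, noon))
    print("-A order at 12:00 UTC:", verdict(appended, "icmp", host, noon))
    # 10:00 local at UTC+5:30 is 04:30 UTC, outside a 09:00-18:00 UTC window
    print("-A order at 04:30 UTC:", verdict(appended, "icmp", host, time(4, 30)))
```

On a live system, `iptables -L OUTPUT -n -v --line-numbers` shows the actual rule order and per-rule packet counters, and `date -u` shows the UTC clock.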