Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1008
Views
0
Helpful
10
Replies

iptables rule with time constraint

Go to solution
battu19921
Level 1
Level 1

‎01-24-2016 12:57 AM - edited ‎03-08-2019 03:31 AM

i have a issue with iptables.
i was applying iptables rule with time constraints.
syntax :
 iptables -I INPUT -m time --timestart 9:00 --timestop 18:00 -j DROP

and rule which was i am trying

iptables -I OUTPUT -p icmp -d 192 .168.0.101 -m time --timestart 9:00 --timestop 18:00 -j ACCEPT


And i also installed xtables-addons.

But above rule does not work properly.

Please can someone guide me how to resolve above issue.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Philip D'Ath
VIP Alumni
VIP Alumni

‎01-24-2016 01:31 AM

Check out this guide:

http://www.cyberciti.biz/tips/iptables-for-restricting-access-by-time-of-day.html

Are you sure the machine itself has the correct time?

This isn't really a Cisco question ...

View solution in original post

0 Helpful
10 Replies 10

Go to solution
Philip D'Ath
VIP Alumni
VIP Alumni

‎01-24-2016 01:31 AM

Check out this guide:

http://www.cyberciti.biz/tips/iptables-for-restricting-access-by-time-of-day.html

Are you sure the machine itself has the correct time?

This isn't really a Cisco question ...

0 Helpful

Go to solution
battu19921
Level 1
Level 1
In response to Philip D'Ath

‎01-24-2016 01:38 AM

yeah machine has the correct time.

0 Helpful

Go to solution
Philip D'Ath
VIP Alumni
VIP Alumni
In response to battu19921

‎01-24-2016 01:39 AM

Looking at your line, you are telling it to "ACCEPT" the packets during this time.  Do you have a rule after this to block the traffic when it falls outside this time?

0 Helpful

Go to solution
battu19921
Level 1
Level 1
In response to Philip D'Ath

‎01-24-2016 01:44 AM

yeah i have rule iptables -I OUTPUT -p icmp -j DROP.

Could u please tell me about xtables-addon ...

i think this issue occur due to kernel.

0 Helpful

Go to solution
Philip D'Ath
VIP Alumni
VIP Alumni
In response to battu19921

‎01-24-2016 01:52 AM

I'm not sure.  I have never used xtables-addon.

0 Helpful

Go to solution
battu19921
Level 1
Level 1
In response to Philip D'Ath

‎01-24-2016 01:54 AM

without xtables-addon how we can apply rule with time constraint.

0 Helpful

Go to solution
Philip D'Ath
VIP Alumni
VIP Alumni
In response to battu19921

‎01-24-2016 02:02 AM

I use Ubuntu.  It doesn't mention in the man page for iptables-extensions having to load any extra modules.  It just says to reference it with "-m time".

I haven't used this feature myself.

0 Helpful

Go to solution
Philip D'Ath
VIP Alumni
VIP Alumni
In response to Philip D'Ath

‎01-24-2016 02:03 AM

I just saw one article mentioning a kernel patch called Patch-O-Matic needs to be installed.  Presumably Ubuntu already has this integrated into the kernel.

0 Helpful

Go to solution
battu19921
Level 1
Level 1
In response to Philip D'Ath

‎01-24-2016 02:07 AM

yeah you are right...

but in patch-o-matic we should compile kernel after every changes.

In xtables-addon we should compile only once..

And i am also using ubuntu but without patch-o-matic or xtables-addons rule does nt work.

0 Helpful

Go to solution
battu19921
Level 1
Level 1
In response to battu19921

‎01-24-2016 02:14 AM

And  time module is not part of standard kernel, you need to download and apply patch from patch-o-matic or you need xtables-addon

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card