[This email is either empty or too large to be displayed at this time]
Mihail Popa wrote: Looks like Mailman''s HTML->Text converter ate your post (or you hit <send> prematurely). At any rate, date/time based rules are available with iptables if you patch your kernel but in keeping with my stated policy (Shorewall contains no support for features not available in standard kernels), there is no such support in Shorewall. You can accomplish a similar thing by having two (or more) shorewall configurations which you have saved to different files in /var/lib/shorewall using the ''shorewall save'' command. A simple cron job can then switch between the configurations by issuing ''shorewall restore'' commands (which are very fast). -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net
Tom Eastep wrote: "You can accomplish a similar thing by having two (or more) shorewall configurations which you have saved to different files in /var/lib/shorewall using the ''shorewall save'' command. A simple cron job can then switch between the configurations by issuing ''shorewall restore'' commands (which are very fast)." In my first message (which was sent by hotmail as html, perhaps that''s why it didn''t show content...) i wanted to say that I need to allow 192.168.0.2 - 192.168.0.9 to access Internet 24/7 and 192.168.0.10 only nights between 10:00PM and 8:00AM. I understand that it''s not supported by shorewall and I should use cron to perform some shorewall commands at given moments... What I don''t understand is how to use "shorewall save" to make "myconfig1" (allowing 192.168.0.10) and "myconfig2" (denying 192.168.0.10) and to switch between them. Does this command look like "shorewall save <myconfig#>"? Does also restore command look like "shorewall restore <myconfig#>"? Acest email a fost trimis din interfata web http://www.bumerang.ro
mi_kke@bumerang.ro wrote:> > What I don''t understand is how to use "shorewall save" to make "myconfig1" (allowing 192.168.0.10) and "myconfig2" (denying 192.168.0.10) and to switch between them. > Does this command look like "shorewall save <myconfig#>"? > Does also restore command look like "shorewall restore <myconfig#>"? >Yes. See http://shorewall.net/starting_and_stopping_shorewall.htm. Beware that the syntax of the commands are given near the top of that article and not in the section entitled "Saved Configurations" Any time you have a question about a command, you can also use the ''help'' command: shorewall help save shorewall help restore -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net