-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi!, I''d like to know how to set up shorewall to deny a user-defined action in a time-based basis, for example, I have a group of users using MSN, AOL, www and https, in a defined action called action.BasicAccess now, I want this access to be enabled only on lunch time from Monday through Friday and weekends from noon to 6pm... I know iptables can do it, but I don''t know how to configure with shorewall. I appreciate your help!, please reply to asierra@amnet.co.cr . (NOT suscribed to list) Alberto S. () ascii ribbon campaign - against html e-mail /\ -----BEGIN PGP SIGNATURE----- Version: PGP 8.1 iQA/AwUBQU32IwmpGfjIYnYTEQLUbgCgu+1QVKsBuaTIh3F0ro6aS1YnbKIAn1y8 nUVBJH9czjXMsQzglicjYU3G =DgQf -----END PGP SIGNATURE-----
On Sunday 19 September 2004 14:12, Alberto Sierra wrote:> Hi!, I''d like to know how to set up shorewall to deny a user-defined > action in a time-based basis, for example, I have a group of users > using MSN, AOL, www and https, in a defined action called > action.BasicAccess now, I want this access to be enabled only on > lunch time from Monday through Friday and weekends from noon to > 6pm... I know iptables can do it, but I don''t know how to configure > with shorewall.Standard iptables does *not* support this -- it''s an add-on in Patch-0-Matic (http://www.netfilter.org/patch-o-matic/pom-base.html#pom-base-time) and I have a policy of not providing explicit support in Shorewall for such features.> > I appreciate your help!, please reply to asierra@amnet.co.cr . (NOT > suscribed to list) >Create two Shorewall configurations (see http://shorewall.net/configuration_file_basics.htm#Levels); one that allows this traffic and one that doesn''t. Then use the "save" command to save them to different restore files (see http://shorewall.net/starting_and_stopping_shorewall.htm). You can then set up cron jobs to switch between them using the "shorewall restore" command (see the same reference). -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
maybe you can also add transparent caching for users then use squids time acl On Sun, 19 Sep 2004 14:56:40 -0700, Tom Eastep <teastep@shorewall.net> wrote:> On Sunday 19 September 2004 14:12, Alberto Sierra wrote: > > Hi!, I''d like to know how to set up shorewall to deny a user-defined > > action in a time-based basis, for example, I have a group of users > > using MSN, AOL, www and https, in a defined action called > > action.BasicAccess now, I want this access to be enabled only on > > lunch time from Monday through Friday and weekends from noon to > > 6pm... I know iptables can do it, but I don''t know how to configure > > with shorewall. > > Standard iptables does *not* support this -- it''s an add-on in Patch-0-Matic > (http://www.netfilter.org/patch-o-matic/pom-base.html#pom-base-time) and I > have a policy of not providing explicit support in Shorewall for such > features. > > > > I appreciate your help!, please reply to asierra@amnet.co.cr . (NOT > > suscribed to list) > > > > Create two Shorewall configurations (see > http://shorewall.net/configuration_file_basics.htm#Levels); one that allows > this traffic and one that doesn''t. Then use the "save" command to save them > to different restore files (see > http://shorewall.net/starting_and_stopping_shorewall.htm). You can then set > up cron jobs to switch between them using the "shorewall restore" command > (see the same reference). > > -Tom > -- > Tom Eastep \ Nothing is foolproof to a sufficiently talented fool > Shoreline, \ http://shorewall.net > Washington USA \ teastep@shorewall.net > PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key > > > _______________________________________________ > Shorewall-users mailing list > Post: Shorewall-users@lists.shorewall.net > Subscribe/Unsubscribe: https://lists.shorewall.net/mailman/listinfo/shorewall-users > Support: http://www.shorewall.net/support.htm > FAQ: http://www.shorewall.net/FAQ.htm >