Hi,
I would like to block port during day and leave it open during night (p2p port). Is it possible in shorewall?
Thanks
Dexter

Dexter wrote:
> Hi,
> I would like to block port during day and leave it open during night
> (p2p port). Is it possible in shorewall?
> Thanks
> Dexter

Remember Shorewall doesn't actually run, it only sets up the rules. So you can set up a cronjob at the start and end times to load a different rules file.

--
Ray Booysen
rj_booysen@rjb.za.net

Dexter wrote:
> Hi,
> I would like to block port during day and leave it open during night
> (p2p port). Is it possible in shorewall?
> Thanks
> Dexter

Sounds like you want to run P2P apps at the office when everyone has gone home. :)

--
Ray Booysen
rj_booysen@rjb.za.net

On Mon, 2005-12-19 at 16:30 +0000, Ray Booysen wrote:
> Dexter wrote:
> > Hi,
> > I would like to block port during day and leave it open during night
> > (p2p port). Is it possible in shorewall?
> > Thanks
> > Dexter
>
> Remember Shorewall doesn't actually run, it only sets up the rules. So
> you can set up a cronjob at the start and end times to load a different
> rules file.

Is there no rule in iptables, that takes time as variable?

> Is there no rule in iptables, that takes time as variable?

No.

On Monday 19 December 2005 08:40, j2 wrote:
> > Is there no rule in iptables, that takes time as variable?
>
> No.

Actually, there are but they aren't in the standard kernels and Shorewall doesn't support them directly. If your kernel and iptables support time-based rules (I don't remember the name of the match module that does that), you can create time-based rules in actions using an extension script (http://www.shorewall.net/Actions.html).

Otherwise, you must do as another poster suggested and use different Shorewall configurations and switch between them using a cron job. If you save these configurations under different names, you can switch quickly by having your script run "shorewall restore <saved-config>" rather than "shorewall restart <configuration directory>".

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key

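The cron-driven switch between saved configurations described above, as an added example that is not part of the original message or of Shorewall itself. The saved-configuration names "day" and "night", the 22:00-06:00 window, the state-file path and the script path are assumptions; the script restores a configuration only when the wanted one differs from the last one applied, so it can run hourly and still recover after a reboot in the middle of a window.

```shell
#!/bin/sh
# Choose which saved Shorewall configuration should be active right now.
# Assumptions (not from the thread): configurations were saved beforehand
# under the names "day" and "night"; night runs 22:00-06:00 local time.
NIGHT_START=22
NIGHT_END=6

# profile_for_hour HOUR -> prints "night" or "day".
# Works for a window that wraps past midnight (start > end) and for one
# that does not (start < end).
profile_for_hour() {
    h=${1#0}        # "08" -> "8", "00" -> "0"
    h=${h:-0}       # "0"  -> ""  -> "0"
    if [ "$NIGHT_START" -le "$NIGHT_END" ]; then
        if [ "$h" -ge "$NIGHT_START" ] && [ "$h" -lt "$NIGHT_END" ]; then
            echo night
        else
            echo day
        fi
    else
        if [ "$h" -ge "$NIGHT_START" ] || [ "$h" -lt "$NIGHT_END" ]; then
            echo night
        else
            echo day
        fi
    fi
}

# apply_profile: restore the wanted configuration only if it is not the
# one recorded as currently active, so repeated cron runs do not reload
# the ruleset needlessly.
apply_profile() {
    want=$(profile_for_hour "$(date +%H)")
    state=${STATE_FILE:-/var/run/shorewall-profile}   # assumed path
    [ "$(cat "$state" 2>/dev/null)" = "$want" ] && return 0
    shorewall restore "$want" && echo "$want" > "$state"
}

# Hypothetical crontab entry (hourly, script path is an assumption):
#   0 * * * * /usr/local/sbin/fw-profile.sh apply
if [ "${1:-}" = "apply" ]; then
    apply_profile
fi
```
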
On Mon, 2005-12-19 at 08:46 -0800, Tom Eastep wrote:
> On Monday 19 December 2005 08:40, j2 wrote:
> > > Is there no rule in iptables, that takes time as variable?
> >
> > No.
>
> Actually, there are but they aren't in the standard kernels and Shorewall
> doesn't support them directly. If your kernel and iptables support time-based
> rules (I don't remember the name of the match module that does that), you can
> create time-based rules in actions using an extension script
> (http://www.shorewall.net/Actions.html).
>
> Otherwise, you must do as another poster suggested and use different Shorewall
> configurations and switch between them using a cron job. If you save these
> configurations under different names, you can switch quickly by having your
> script run "shorewall restore <saved-config>" rather than "shorewall restart
> <configuration directory>".
>
> -Tom

Cron sounds more simple. I'll do it with Cron. Thanks for advice.
Dexter

Ray Booysen wrote:
> Dexter wrote:
>> Hi,
>> I would like to block port during day and leave it open during night
>> (p2p port). Is it possible in shorewall?
>> ...
> Sounds like you want to run P2P apps at the office when everyone has
> gone home. :)

Or at home during off-peak hours so it doesn't mess up your daytime download quota... :-)

Paul

Hello Dexter,

Dexter said the following on 19/12/2005 17:56:
> On Mon, 2005-12-19 at 08:46 -0800, Tom Eastep wrote:
>
>>On Monday 19 December 2005 08:40, j2 wrote:
>>
>>>>Is there no rule in iptables, that takes time as variable?
>>>
>>>No.
>>
>>Actually, there are but they aren't in the standard kernels and Shorewall
>>doesn't support them directly. If your kernel and iptables support time-based
>>Otherwise, you must do as another poster suggested and use different Shorewall
>>configurations and switch between them using a cron job. If you save these
>>configurations under different names, you can switch quickly by having your
>>script run "shorewall restore <saved-config>" rather than "shorewall restart
>><configuration directory>".
>>
> Cron sounds more simple. I'll do it with Cron. Thanks for advice.

Reloading a complete rulebase might cause (minor) outages depending on the config. I think you should be able to do it with dynamic zones and adding the source (or dest) IPs to the dynamic zone when you want to allow and remove them when you don't.

That's actually how I manage remote vendor VNC access. I do a:

    shorewall add ppp0:<vendor src ip> vnc

to allow and a:

    shorewall delete ppp0:<vendor src ip> vnc

to disallow again...

Your mileage might vary.

Stijn
--
Met Vriendelijke groet/Yours Sincerely
Stijn Jonker <SJCJonker@sjc.nl>