time policies
Ryan Winograd
rylwin at houston.rr.com
Thu Mar 3 22:27:14 GMT 2005
Urban Engemyr,
Chris is right. Crontab is your answer. _BSD HACKS_ (published by O'Reilly) explains how to automatically change firewall rules at certain times in hack #64 "Script IP Firewall Rulesets." Let's assume a very simple situation: you either allow traffic or block it.
step 1: create two rulesets
- /etc/ipf.rules.allow
- /etc/ipf.rules.block
step 2: the first script (block access)
#!/bin/sh
# replace the ipf.rules file
cp /etc/ipf.rules.block /etc/ipf.rules
# now have ipf re-read the rules file
ipf -Fa -f /etc/ipf.rules
For the other script, replace ipf.rules with ipf.rules.allow. This is, of course, a simple example, but feel free to make it as complicated as you wish.
Hope this is helpful!
Ryan
>
>Message: 1
>Date: Wed, 2 Mar 2005 20:28:06 +0100
>From: "Urban Engemyr" <urban.engemyr at ecr-consulting.se>
>Subject: time policies
>To: <freebsd-ipfw at freebsd.org>
>Message-ID:
> <03A9E4B63BABC943BEC0C8A8EE428947016780 at ecrex01.ecr-consulting.se>
>Content-Type: text/plain; charset="us-ascii"
>
>Hi,
>
>Is it possible to have ipfw rules that are enabled during certain times
>only?
>
>Regards
>Urban
>
>
>------------------------------
>
>Message: 2
>Date: Wed, 2 Mar 2005 21:32:12 +0200
>From: "Chris Knipe" <savage at savage.za.org>
>Subject: Re: time policies
>To: <freebsd-ipfw at freebsd.org>
>Message-ID: <000c01c51f5e$890db150$0a01a8c0 at ops.cenergynetworks.com>
>Content-Type: text/plain; format=flowed; charset="iso-8859-1";
> reply-type=original
>
>Crontab?
>
>
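
Added example (not part of the original message, and not code from BSD Hacks): the two scripts from step 2 folded into one that takes allow or block, with a parse check before the swap so a broken ruleset is never loaded by cron unattended. The RULES_DIR and IPF variables, the ipf-switch name and the cron times are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not from the original post. RULES_DIR and IPF are
# hypothetical overrides so the logic can be tried without a live firewall;
# the defaults are the paths and command used in the post.
RULES_DIR="${RULES_DIR:-/etc}"
IPF="${IPF:-ipf}"

switch_ruleset() {
    mode="$1"
    case "$mode" in
        allow|block) ;;
        *) echo "usage: $0 allow|block" >&2; return 2 ;;
    esac
    src="$RULES_DIR/ipf.rules.$mode"
    dst="$RULES_DIR/ipf.rules"

    # A missing or empty source would leave the host with no rules after
    # the flush below, so stop before touching anything.
    [ -s "$src" ] || { echo "missing or empty: $src" >&2; return 1; }

    # Parse the candidate with -n (no change to the running kernel) so a
    # typo in the file is caught while the old rules are still loaded.
    $IPF -n -f "$src" || { echo "rejected by ipf: $src" >&2; return 1; }

    # Copy to a temporary name, then rename, so ipf.rules is never
    # half-written if the job is interrupted.
    tmp="$dst.new.$$"
    if ! cp "$src" "$tmp" || ! mv "$tmp" "$dst"; then
        rm -f "$tmp"; return 1
    fi

    # Flush the active rules and load the new file, as in the post.
    $IPF -Fa -f "$dst" || return 1
    # Leave an audit trail of every switch; ignore a missing syslog.
    logger -t ipf-switch "ruleset switched to $mode" 2>/dev/null || true
}

# Constructed crontab entries (times and install path are illustrative):
#   0 18 * * 1-5  /usr/local/sbin/ipf-switch block
#   0 8  * * 1-5  /usr/local/sbin/ipf-switch allow
if [ $# -gt 0 ]; then
    switch_ruleset "$1"
fi
```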