
Re: Excluding internal ipaddresses periodically from internet.



Once upon a time Ina&Frank said...
> 
> My question is that I want to exclude some of the ip addresses (PC's) to 
> connect to the internet after, let's say 21:00hrs each day. And when they 
> are connected at that time, to cut them off. The other addresses may 
> still connect.
> 
> Is there a way to tell iptables (for example) to exclude some addresses 
> for a period of time or do I have to let cron bring down the firewall, 
> rewrite the config-file of iptables and restart the firewall again or do 
> I have more simple and more efficient methods to accomplish this?

I would use cron, but there's no need to take down the firewall and
re-write any config files.

I'd create a firewall chain (say "nighttime-block") and add the rules to
that to do the blocking you want to do at night. Then every night from
cron, run iptables to add a jump to that chain from the FORWARD chain.
Every morning, remove that jump. In each case, it's a single iptables
command - there's no need to shut down the firewall at all (all other
rules stay in effect).
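
The approach described in this reply, written out as an added shell example that is not part of the original message. The blocked addresses, the 06:00 unblock time and the script path are assumptions; the jump is inserted as rule 1 of FORWARD so that connections already open at 21:00 are dropped as well.

```shell
#!/bin/sh
# Added example, not from the original message.
# Assumed/constructed: the addresses, the 06:00 unblock time, the script path.
CHAIN="nighttime-block"               # chain name suggested in the reply
BLOCKED="192.168.1.20 192.168.1.21"   # constructed sample addresses
DRY_RUN="${DRY_RUN-1}"                # default: print commands; DRY_RUN= applies them

# Print the command in dry-run mode, otherwise execute it (needs root).
run() {
    if [ -n "$DRY_RUN" ]; then echo "$*"; else "$@"; fi
}

# One-time setup, e.g. from the firewall start script: create the chain and
# add one DROP rule per blocked source address.
setup_chain() {
    run iptables -N "$CHAIN"
    for ip in $BLOCKED; do
        run iptables -A "$CHAIN" -s "$ip" -j DROP
    done
}

# Evening: insert the jump as rule 1 of FORWARD so it is evaluated before any
# ESTABLISHED,RELATED accept rule; connections already open are cut off too.
night_on() {
    # -C tests for an existing jump so repeated cron runs do not stack rules.
    if [ -z "$DRY_RUN" ] && iptables -C FORWARD -j "$CHAIN" 2>/dev/null; then
        return 0
    fi
    run iptables -I FORWARD 1 -j "$CHAIN"
}

# Morning: remove the jump; the chain and its rules stay defined for tonight.
night_off() {
    run iptables -D FORWARD -j "$CHAIN"
}

# Root crontab entries (path is a placeholder):
#   0 21 * * * DRY_RUN= /usr/local/sbin/nightblock.sh on
#   0 6  * * * DRY_RUN= /usr/local/sbin/nightblock.sh off
case "${1:-}" in
    setup) setup_chain ;;
    on)    night_on ;;
    off)   night_off ;;
esac
```

Run it once with `setup` after the firewall comes up; without `DRY_RUN=` it only prints the iptables commands it would issue.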


