[prev in list] [next in list] [prev in thread] [next in thread]
List: freebsd-ipfw
Subject: Re: time policies
From: Ryan Winograd <rylwin () houston ! rr ! com>
Date: 2005-03-03 22:26:52
Message-ID: 42278F2C.1050604 () houston ! rr ! com
[Download RAW message or body]
Urban Engemyr,
Chris is right. Crontab is your answer._BSD HACKS_ (published by O'Reilly) explains \
how to automatically change firewalls rules at certain times in hack #64 "Script IP \
Firewall Rulesets." Let's assume a very simple situation: you either allow traffic or \
block it. step 1: create to rulesets
- /etc/ipf.rules.allow
- /etc/ipf.rules.block
step 2: the first script (block access)
#!/bin/sh
# replace the ipf.rules file
cp /etc/ipf.rules.block /etc/ipf.rules
# now have ipf re-read the rules file
ipf -Fa -f /etc/ip.rules
For the other script, replace ipf.rules with ipf.rules.allow. This is, of course, a \
simple example, but feel free to make it as complicated as you wish
Hope this is helpful!
Ryan
>
> Message: 1
> Date: Wed, 2 Mar 2005 20:28:06 +0100
> From: "Urban Engemyr" <urban.engemyr@ecr-consulting.se>
> Subject: time policies
> To: <freebsd-ipfw@freebsd.org>
> Message-ID:
> <03A9E4B63BABC943BEC0C8A8EE428947016780@ecrex01.ecr-consulting.se>
> Content-Type: text/plain; charset="us-ascii"
>
> Hi,
>
> Is it possible to have ipfw rules that are enabled during certain times
> only?
>
> Regards
> Urban
>
>
> ------------------------------
>
> Message: 2
> Date: Wed, 2 Mar 2005 21:32:12 +0200
> From: "Chris Knipe" <savage@savage.za.org>
> Subject: Re: time policies
> To: <freebsd-ipfw@freebsd.org>
> Message-ID: <000c01c51f5e$890db150$0a01a8c0@ops.cenergynetworks.com>
> Content-Type: text/plain; format=flowed; charset="iso-8859-1";
> reply-type=original
>
> Crontab?
>
>
_______________________________________________
freebsd-ipfw@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org"
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic