On Wednesday 2008-12-10 19:55, Paweł Banyś wrote:
>
>I tried to use the time module in iptables and I noticed some problems
>with time interpretation. I tested it on the following system:
>
>kernel: 2.6.27
>iptables: v1.4.2
>system clock time zone: Berlin (UTC+1)
>
>1. Inconsistency of "datestop":
>2. Inconsistency of "datestart":
>
>system_time --datestop RESULT
>14:00:00 14:10:00 rule should apply but it does not because for
>iptables datestop is 13:10:00
>
>Remark: in internal calculations datestop is one hour less than set
>Remark: in internal calculations datestart is two hours less than set
Your kernel timezone may not be set. The below module may help:
---<8--- (Makefile)
obj-m += time.o
all:
make -C /lib/modules/`uname -r`/build M=$$PWD;
--->8---
---<8--- (time.c)
#include <linux/kernel.h>
#include <linux/module.h>
#include <linux/time.h>
extern struct timezone sys_tz;
static int __init t_init(void)
{
int minutes = sys_tz.tz_minuteswest;
if (minutes < 0) /* east of GW */
printk(KERN_WARNING "TZ is +%02d%02d\n",
-minutes / 60, -minutes % 60);
else /* west of GW */
printk(KERN_WARNING "TZ is -%02d%02d\n",
minutes / 60, minutes % 60);
return -EIO;
}
static void __exit t_exit(void)
{
}
module_init(t_init);
module_exit(t_exit);
MODULE_LICENSE("GPL");
--->8---
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
