On Monday 2018-08-13 19:34, Neal P. Murphy wrote:
>
>I changed Smoothwall Express to use -m time 4 years ago, and corrected a couple bugs shortly after. In short,
> - Set the BIOS clock to local time (the BIOS clock is for humans anyway).
> - Run a modern ntpd to keep the system clock reasonably accurate.
> - Run a cron script a month or three before the local DST change to find the exact date/time of the
>   next change. (Local authorities tend to change the date/time on a whim.)
> - Run a script/program one minute before the change.
> - Sleep for 50 seconds.
> - Spin, sleeping 10ms, looking for the TZ to change. (Grouse and die if it never happens.)
> - Run Madore's program to set the kernel TZ and the HW clock.
>Since then, no one has complained about timed rules firing at the wrong time

Nobody will take time granularity for granted anyway. If a ruleset is in effect for slightly longer than it should be, or comes in effect later than it should be, no big deal. So in fact you could just run the kernel clock in UTC, use two separate rulesets (possibly generated from a template) and make a bi-yearly atomic switch, and no one would cry foul if you do the switch on Sun 28 03:00:17 rather than 03:00:00.

>So, what would it take to 'port' -m time to nft?

Isn't nft capable enough yet to call xt modules already? Use that functionality..
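
The two-ruleset approach suggested in the reply, sketched as an added example that is not part of the original message: one template is rendered twice, with the local time window converted to UTC for the standard and the DST offset. The chain, port, 08:00-17:30 window and the UTC+1/UTC+2 offsets are constructed assumptions.

```python
"""Render standard-time and DST rulesets, with UTC times, from one template."""
from string import Template

# Constructed template in iptables-restore format. The chain, port and rule
# are assumptions for illustration, not values from the thread.
# xt_time compares against UTC unless --kerneltz is given, so with the kernel
# clock in UTC the window must be written in UTC.
TEMPLATE = Template("""\
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -p tcp --dport 80 -m time --timestart $start --timestop $stop -j DROP
COMMIT
""")

MINUTES_PER_DAY = 24 * 60


def to_utc(hhmm, utc_offset_min):
    """Convert local HH:MM to UTC HH:MM for a fixed offset, wrapping at midnight."""
    hours, minutes = map(int, hhmm.split(":"))
    if not (0 <= hours < 24 and 0 <= minutes < 60):
        raise ValueError(f"not a valid HH:MM time: {hhmm!r}")
    total = (hours * 60 + minutes - utc_offset_min) % MINUTES_PER_DAY
    return f"{total // 60:02d}:{total % 60:02d}"


def render(local_start, local_stop, utc_offset_min):
    """Return one complete ruleset whose time window is expressed in UTC."""
    return TEMPLATE.substitute(
        start=to_utc(local_start, utc_offset_min),
        stop=to_utc(local_stop, utc_offset_min),
    )


def build_rulesets(local_start, local_stop, std_offset_min, dst_offset_min):
    """Render the ruleset for standard time and the one for DST."""
    return {
        "standard": render(local_start, local_stop, std_offset_min),
        "dst": render(local_start, local_stop, dst_offset_min),
    }


if __name__ == "__main__":
    # Constructed sample: block 08:00-17:30 local time, zone UTC+1 / UTC+2 in DST.
    for name, text in build_rulesets("08:00", "17:30", 60, 120).items():
        print(f"# --- {name} ---\n{text}")
```

Each rendered file can be loaded with iptables-restore, which commits the whole table in one step. Rules that also match on --weekdays would need the day shifted as well when the conversion crosses midnight, which this example does not handle.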