> Is there a way to put time restrictions on rules?
> For example, something like:
>
> iptables -A FORWARD -i eth0 -p tcp -sport 1024: -dport 1024: -time 0700:1700 -j DROP

There is a time patch in pom (base).

From the website:

This option adds CONFIG_IP_NF_MATCH_TIME, which supplies a time match module. This match allows you to filter based on the packet arrival time (arrival time at the machine which the netfilter is running on) or departure time (for locally generated packets).

Rob