Hello, netfilter. >iptables -I INPUT 1 -p tcp -s 192.168.1.2/32 -m time --timestart \ >11:00 --timestop 17:00 --days Sun,Mon,Tue,Wed,Thu,Fri,Sat \ >-d 192.168.1.1/32 --j DROP >Defaul policy in INPUT chain - DROP >But... packets allows to 192.168.1.240 (server) in this >time --> 11:00-17:00. >> >>If you use SNAT (masquerade) then it may be bypassing the input chain >>because of a prerouting rule ... >> Why then in general operates the rule? If there is SNAT, that what build the rules with module "time"? The Rule operates, but can not understand, as it considers time. -- With best wishes, netfilter-maillist mailto:vlad@xxxxxxxxxxxxxxxx
