Hi Vladimir,

On Tuesday 18 March 2003 15:17, vlad wrote:
> Hello netfilter,
> iptables -I INPUT 1 -p tcp -s 192.168.1.2/32 -m time --timestart \
> 11:00 --timestop 17:00 --days Sun,Mon,Tue,Wed,Thu,Fri,Sat \
> -d 192.168.1.1/32 --j DROP
> Default policy in INPUT chain - DROP
> But... packets are allowed to 192.168.1.240 (server) in this
> time --> 11:00-17:00.
> Why?

With a quick guess, two reasons come to mind:
1- you have an ACCEPT rule that shadows the -m time -j DROP rule,
   therefore nullifying its effect.
2- the packets that you talk about still being allowed might be
   from a forwarding connection? In which case you have to filter
   in the forward chain.

To see if 1 is your problem, simply put the rule -m time -j DROP
at the _beginning_ of the ruleset, this way you'll be sure it won't
be shadowed by other rules.
To see if 2 is your problem, simply put the rule -m time -j DROP
in the FORWARD chain instead.

Have a nice day,

Fabrice.
--
Fabrice MARIE
"Silly hacker, root is for administrators" -Unknown
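
The two checks suggested in the reply above can be run offline against a saved ruleset. The following is an added example, not part of the original message: a small first-match simulator over `iptables -S` style text. The rulesets, the `LOCAL_ADDRS` set and all function names are constructed for illustration, and the parser assumes every option takes exactly one argument.

```python
import ipaddress
import shlex

# Constructed rulesets in `iptables -S` form; none of this is from the thread.
SHADOWED = """\
-P INPUT DROP
-P FORWARD ACCEPT
-A INPUT -s 192.168.1.0/24 -p tcp -j ACCEPT
-A INPUT -s 192.168.1.2/32 -d 192.168.1.1/32 -p tcp -m time --timestart 11:00 --timestop 17:00 -j DROP
"""
# Same rules with the time-based DROP moved to the top of INPUT.
_lines = SHADOWED.splitlines()
REORDERED = "\n".join(_lines[:2] + [_lines[3], _lines[2]])
LOCAL_ADDRS = {"192.168.1.1"}  # assumption: addresses owned by the firewall host

def parse(text):
    """Return (policies, chains); assumes every option takes one argument."""
    policies, chains = {}, {}
    for line in text.splitlines():
        tok = shlex.split(line)
        if tok and tok[0] == "-P":
            policies[tok[1]] = tok[2]
        elif tok and tok[0] == "-A":
            chains.setdefault(tok[1], []).append(dict(zip(tok[2::2], tok[3::2])))
    return policies, chains

def matches(opts, src, dst, hhmm):
    """True if a TCP packet src->dst seen at local time hhmm matches the rule."""
    if opts.get("-p", "tcp") != "tcp":
        return False
    for flag, addr in (("-s", src), ("-d", dst)):
        if flag in opts and ipaddress.ip_address(addr) not in ipaddress.ip_network(opts[flag]):
            return False
    if "--timestart" in opts:  # zero-padded HH:MM strings compare correctly
        return opts["--timestart"] <= hhmm <= opts["--timestop"]
    return True

def verdict(text, src, dst, hhmm):
    """Return (chain traversed, position of first matching rule or None, target)."""
    policies, chains = parse(text)
    # Packets addressed to the firewall itself hit INPUT; routed ones hit FORWARD.
    chain = "INPUT" if dst in LOCAL_ADDRS else "FORWARD"
    for pos, opts in enumerate(chains.get(chain, []), start=1):
        if matches(opts, src, dst, hhmm):
            return chain, pos, opts["-j"]
    return chain, None, policies[chain]

if __name__ == "__main__":
    print(verdict(SHADOWED, "192.168.1.2", "192.168.1.1", "12:00"))
    print(verdict(REORDERED, "192.168.1.2", "192.168.1.1", "12:00"))
    print(verdict(SHADOWED, "192.168.1.2", "192.168.1.240", "12:00"))
```

A result whose position is `None` means no rule in the traversed chain matched and the chain policy decided the packet.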