Hi,

I have a very basic LAN setup question like,

- till 16:00 p.m. all ips can just use ftp but ips 192.168.0.1 and 192.168.0.100 can do anything
- after 4:00 afternoon all can do anything till 5:00 after which again the above [1st rules] are to be applied.

I am thinking of doing,

[For step 1]:
- Policy ACCEPT for FORWARD

    iptables -A FORWARD -s 192.168.0.1 -p tcp -j ACCEPT
    iptables -A FORWARD -s 192.168.0.100 -p tcp -j ACCEPT
    iptables -A FORWARD -s 192.168.0.0/32 -p tcp --dport 21 -j ACCEPT
    iptables -A FORWARD -s 0/0 -p tcp -j DROP

[For step 2]:
- Policy ACCEPT for FORWARD

    iptables -A FORWARD -p tcp -j ACCEPT

Maybe same for udp.

Now my question is,

1> Do the above steps look ok? I will refine them further. Right now, are they workable?

2> If I want to change the rules at 16:00, what is the best way to change them? I was thinking of flushing with

    iptables -F

and

    iptables -F -t nat

and then running the second step. Similarly, at 17:00 do the same kind of flushes and run the 1st step from a file? Is this approach ok or is there anything better?

Thanks a lot in advance and bye.

With warm regards,
-Payal

--
For GNU/Linux Success Stories and Articles visit: http://payal.staticky.com
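
The schedule described in the post, as an added example that is not part of the original message: a script that emits the whole filter table for a given hour in `iptables-restore` format, so cron can swap rulesets in one atomic load with no flush in between. The function names, the `--apply` switch, the assumed LAN range 192.168.0.0/24 and the assumption that the box carries no other filter rules are all hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post).
# Assumptions: LAN is 192.168.0.0/24, the open window is the hour 16:00-16:59,
# and the filter table holds no rules other than these.

LAN="192.168.0.0/24"                     # assumed LAN range
FULL_ACCESS="192.168.0.1 192.168.0.100"  # hosts that may always do anything

# in_open_window HOUR: succeeds when every host may do anything.
# String match, so "16" from `date +%H` works and "08"/"09" cause no octal issues.
in_open_window() {
    case "$1" in
        16) return 0 ;;
        *)  return 1 ;;
    esac
}

# ruleset_for_hour HOUR: prints a complete filter table for iptables-restore.
ruleset_for_hour() {
    echo "*filter"
    echo ":INPUT ACCEPT [0:0]"
    echo ":FORWARD ACCEPT [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    if in_open_window "$1"; then
        # Step 2 of the post: everything is forwarded.
        echo "-A FORWARD -p tcp -j ACCEPT"
    else
        # Step 1 of the post: two privileged hosts, FTP control port for the LAN.
        for ip in $FULL_ACCESS; do
            echo "-A FORWARD -s $ip -p tcp -j ACCEPT"
        done
        echo "-A FORWARD -s $LAN -p tcp --dport 21 -j ACCEPT"
        echo "-A FORWARD -p tcp -j DROP"
    fi
    echo "COMMIT"
}

# Run from cron at 16:00 and 17:00 (and at boot) with --apply.
# iptables-restore replaces only the tables present in its input, and does so
# in one commit, so the nat table is untouched and no packet sees an empty chain.
if [ "${1:-}" = "--apply" ]; then
    ruleset_for_hour "$(date +%H)" | iptables-restore
fi
```

Running the script without `--apply` changes nothing; call `ruleset_for_hour 16` or `ruleset_for_hour 09` from a shell that has sourced it to inspect the generated table before loading it.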