Greetings!

On Wed, 2003-12-24 at 04:29, Payal Rathod wrote:

> 1> Do the above steps look ok? I will refine them further. Right now, are
> they workable?

At the very least, I would specify the receiving interface as well or you may be subject to spoofing attacks.

At the most, you are missing:

- Any kind of logging
- Deny inbound packets from loopback, private, etc.
- Deny outbound unreachables, Timex, Echo-replies, critical services, etc.

There are probably others. The caffeine has not kicked in yet. ;-)

> 2> If I want to change the rules at 16:00 what is the best way to change
> them?

Two options:

1) Write up two sets of rules in two different shell scripts. Use cron to implement them at the appropriate time. Use '-F' as you mentioned at the beginning of the script to flush the existing rules.

2) Install patch-o-matic and implement the time patch. You can then do something like:

    iptables -A FORWARD -i eth0 -p tcp -m time --timestart 16:00 --timestop 17:00 --days Mon,Tue,Wed,Thu,Fri -s 192.168.0.0/32 -j ACCEPT

HTH,
C
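Option 1 from the reply, worked through as an added example (not code from the thread or its participants): a single script that picks its ruleset from the clock so cron can run it at the switch time, and that adds the flush, the logging and the inbound anti-spoofing the reply says the posted rules lacked. Interface names, the address ranges, the 16:00 switch and the script path in the cron comment are assumptions.

```shell
#!/bin/sh
# Added example. Run from cron at both switch times, e.g.
#   0 0,16 * * * /usr/local/sbin/fw.sh     (path assumed)
# Interfaces, networks and the 16:00 boundary are assumptions.
set -eu
IPT="${IPT:-iptables}"              # set IPT="echo iptables" to dry-run
WAN="${WAN:-eth1}"                  # external (receiving) interface, assumed
LAN="${LAN:-eth0}"                  # internal interface, as in the reply
LAN_NET="${LAN_NET:-192.168.0.0/24}"

# Print "day" for hours before 16:00 and "evening" from 16:00 on (0-23).
select_ruleset() {
    if [ "$1" -ge 16 ]; then echo evening; else echo day; fi
}

# Rules shared by both schedules: flush, default-deny, accept loopback,
# then log and drop packets arriving on the WAN side with a loopback or
# RFC 1918 source (the spoofing case the reply warns about).
common_rules() {
    echo "$IPT -F"
    echo "$IPT -P INPUT DROP"
    echo "$IPT -P FORWARD DROP"
    echo "$IPT -A INPUT -i lo -j ACCEPT"
    for net in 127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16; do
        echo "$IPT -A INPUT -i $WAN -s $net -j LOG --log-prefix \"spoof: \""
        echo "$IPT -A INPUT -i $WAN -s $net -j DROP"
    done
}

# Emit the full command list for one ruleset ("day" or "evening"); only the
# evening set forwards LAN TCP traffic, mirroring the reply's time rule.
render_rules() {
    common_rules
    if [ "$1" = evening ]; then
        echo "$IPT -A FORWARD -i $LAN -s $LAN_NET -p tcp -j ACCEPT"
    fi
    # Log what is about to hit the DROP policies so the switch is visible.
    echo "$IPT -A INPUT -j LOG --log-prefix \"input-drop: \""
    echo "$IPT -A FORWARD -j LOG --log-prefix \"forward-drop: \""
}

# Apply for real only with APPLY=1 (as root); otherwise print the plan.
hour=$(date +%H); hour=${hour#0}
if [ "${APPLY:-0}" = 1 ]; then
    render_rules "$(select_ruleset "$hour")" | sh -e
else
    render_rules "$(select_ruleset "$hour")"
fi
```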