Hi,

Thanks for the mails all of you. I am also going to look into patch-o-matic later. I have a couple of doubts now.

On Wed, Dec 24, 2003 at 10:11:14AM +0000, Antony Stone wrote:
> I really disapprove of a default ACCEPT policy on FORWARD.

Why? I can DROP everything later.

> iptables -P FORWARD DROP
> iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
[...]
> Then at 16:00, use a cron rule to run:
>
> iptables -A FORWARD -i $INTIF -s 192.168.0.0/24 -j ACCEPT

Should that be iptables -I or specifically -A?

> At 17:00 use a cron rule to run:
>
> iptables -D FORWARD -i $INTIF -s 192.168.0.0/24 -j ACCEPT
>
> The only thing I can think of with this solution which you have to decide
> whether you're happy about is that connections currently in progress at 17:00
> will not be cut off - users simply won't be able to make new ones until 16:00
> the following day.

You mean a person logged on to MSN can continue being logged on throughout? So, do I FLUSH the rules through cron to prevent this?

With warm regards,
-Payal