You will have a daemon hanging in the background. If it happens to be
killed your rule will not be removed from iptables.
Besides that it is a nice solution, but I think cron plus a decent
script really does solve the problem fine.

On Thu, Feb 19, 2009 at 7:56 PM, Peter Renzland <peter@xxxxxxxxxxx> wrote:
> I would write a simple script "ipoff NN" which takes the same arguments as
> iptables (after NN), converts -I and -A to -D, etc, and sleeps NN minutes
> before doing the cancel.
>
> Then, after running the command that sets up the rule, I would just arrow up
> and change iptables to ipoff NN.
> That would be *very usable*, IMHO.
>
> (I most definitely would not use cron or at, since those tools do not
> naturally match the problem at all.)
>
>
> Peter
>
>
> On 09 Feb 19, at 12:42 , Colin Davis wrote:
>
>>
>> Thanks Ivan, I was hoping to be able to do this directly using a rule
>> without writing a script / using cron but looks like that's what I'm going
>> to have to do.
>>
>> Colin.
>>
>>
>> Ivan Petrushev wrote:
>>>
>>> I'm not sure if that can be done with the netfilter itself.
>>> You could always get a script into crontab to check if the rule is
>>> matched (iptables ... -L -n -v will show you number of packets matched
>>> by the rule) and set up some sort of a timer.
>>>
>>> Ivan
>>>
>>> On Thu, Feb 19, 2009 at 7:10 PM, Colin Davis <col@xxxxxxxxxxxxxxxx>
>>> wrote:
>>>
>>>> Hi,
>>>>
>>>> Not sure if this is possible. I wish to create a rule that once created
>>>> will automatically expire (and be removed) after say 10 minutes.
>>>>
>>>> Please
>>>>
>>>> Many thanks,
>>>> Colin.
>>>> --
>>>> To unsubscribe from this list: send the line "unsubscribe netfilter" in
>>>> the body of a message to majordomo@xxxxxxxxxxxxxxx
>>>> More majordomo info at http://vger.kernel.org/majordomo-info.html
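
The "ipoff NN" approach described in the quoted message, sketched as an added example (not code posted by anyone in the thread). The function names `delete_rule` and `ipoff` and the sample address are assumptions; the sketch also drops the rule position that `-I` accepts, since `-D` has to match by rule spec.

```shell
#!/bin/sh
# Added sketch of the "ipoff NN" idea; function names are assumptions.

# delete_rule CMD ARGS...: rewrite iptables ARGS so they delete the rule
# they would have added, then run CMD with the result (CMD is iptables in
# real use; a stand-in command shows the rewrite without touching rules).
delete_rule() {
    cmd=$1; shift
    n=$#; state=op                  # op -> (chain -> rulenum ->) rest
    while [ "$n" -gt 0 ]; do
        arg=$1; shift; n=$((n - 1))
        case "$state" in
            op)
                case "$arg" in
                    -A|--append) arg=-D; state=rest ;;
                    -I|--insert) arg=-D; state=chain ;;
                esac ;;
            chain)
                state=rulenum ;;    # this arg is the chain name
            rulenum)
                state=rest
                case "$arg" in
                    ''|*[!0-9]*) ;;     # not a position: keep it
                    *) continue ;;      # -I position: drop, -D matches by spec
                esac ;;
        esac
        set -- "$@" "$arg"          # rotate the (rewritten) arg to the end
    done
    if [ "$state" = op ]; then
        echo "ipoff: no -A/-I in arguments, nothing to cancel" >&2
        return 2
    fi
    "$cmd" "$@"
}

# ipoff MINUTES ARGS...: wait, then delete the rule ARGS created.
# If this process is killed during the sleep, the rule stays in place.
ipoff() {
    minutes=$1; shift
    sleep "$((minutes * 60))"
    delete_rule iptables "$@"
}

# Constructed usage (192.0.2.10 is a documentation address):
#   iptables -I INPUT 1 -s 192.0.2.10 -j DROP
#   ipoff 10 -I INPUT 1 -s 192.0.2.10 -j DROP &
```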