RE: iptables - how to create a rule that expires automatically

One thing to note is that you actually delete the exact same rule you added.
There is no built-in method to do that.
I can think of a few ideas how to verify that (with high probability, not
100%) but it really depends on the actual requirements.

> -----Original Message-----
> From: netfilter-owner@xxxxxxxxxxxxxxx [mailto:netfilter-
> owner@xxxxxxxxxxxxxxx] On Behalf Of Peter Renzland
> Sent: Thursday, February 19, 2009 9:57 AM
> To: Colin Davis
> Cc: netfilter@xxxxxxxxxxxxxxx
> Subject: Re: iptables - how to create a rule that expires automatically
> 
> I would write a simple script "ipoff NN" which takes the same
> arguments as iptables (after NN), converts -I and -A to -D, etc, and
> sleeps NN minutes before doing the cancel.
> 
> Then, after running the command that sets up the rule, I would just
> arrow up and change iptables to ipoff NN.
> That would be *very usable*, IMHO.
> 
> (I most definitely would not use cron or at, since those tools do not
> naturally match the problem at all.)
> 
> 
> Peter
> 
> 
> On 09  Feb 19, at 12:42 , Colin Davis wrote:
> 
> >
> > Thanks Ivan, I was hoping to be able to do this directly using a rule
> > without writing a script / using cron but looks like that's what I'm
> > going
> > to have to do.
> >
> > Colin.
> >
> >
> > Ivan Petrushev wrote:
> >> I'm not sure if that can be done with the netfilter itself.
> >> You could always get a script into crontab to check if the rule is
> >> matched (iptables ... -L -n -v will show you number of packets
> >> matched
> >> by the rule) and set up some sort of a timer.
> >>
> >> Ivan
> >>
> >> On Thu, Feb 19, 2009 at 7:10 PM, Colin Davis <col@xxxxxxxxxxxxxxxx>
> >> wrote:
> >>
> >>> Hi,
> >>>
> >>> Not sure if this is possible. I wish to create a rule that once
> >>> created will
> >>> automatically expire (and be removed) after say 10 minutes.
> >>>
> >>> Please
> >>>
> >>> Many thanks,
> >>> Colin.
> >>> --
> >>> To unsubscribe from this list: send the line "unsubscribe
> >>> netfilter" in
> >>> the body of a message to majordomo@xxxxxxxxxxxxxxx
> >>> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> >>>
> >>>
> >
> >
> 

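The "ipoff NN" wrapper proposed in the quoted message, sketched as an added example (not code from anyone in the thread). The function names `run_delete` and `ipoff` and the `IPTABLES` override variable are assumptions made for this sketch; the address is a constructed documentation value.

```shell
#!/bin/sh
# ipoff MINUTES <iptables add arguments>   (added example, not from the thread)
# e.g.  iptables -I INPUT 1 -s 192.0.2.7 -j DROP
#       ipoff 10 -I INPUT 1 -s 192.0.2.7 -j DROP &
IPTABLES=${IPTABLES:-iptables}   # assumption: override to dry-run the logic

# Turn an "add" command line into the matching "delete" and pass it to $1.
# -A/--append and -I/--insert become -D. The optional position after
# "-I CHAIN" is dropped, so the rule is deleted by its specification and
# not by a rule number that may have shifted while we slept.
run_delete() {
    runner=$1; shift
    n=$#; state=none
    while [ "$n" -gt 0 ]; do
        arg=$1; shift; n=$((n - 1))
        case "$state:$arg" in
            none:-A|none:--append)     set -- "$@" -D; state=done ;;
            none:-I|none:--insert)     set -- "$@" -D; state=chain ;;
            chain:*)                   set -- "$@" "$arg"; state=rulenum ;;
            rulenum:|rulenum:*[!0-9]*) set -- "$@" "$arg"; state=done ;;
            rulenum:*)                 state=done ;;  # numeric position
            *)                         set -- "$@" "$arg" ;;
        esac
    done
    if [ "$state" = none ]; then
        echo "ipoff: no -A or -I in arguments, nothing to undo" >&2
        return 2
    fi
    $runner "$@"
}

ipoff() {
    minutes=$1
    case "$minutes" in
        ''|0?*|*[!0-9]*) echo "usage: ipoff MINUTES <iptables args>" >&2
                         return 2 ;;
    esac
    shift
    sleep "$((minutes * 60))"
    run_delete "$IPTABLES" "$@"
}

# Act as a command only when called with arguments.
[ "$#" -eq 0 ] || ipoff "$@"
```

`-D` with a rule specification removes the first rule that matches it, so an identical rule added by someone else in the meantime cannot be told apart from yours, which is the caveat raised at the top of this message.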
