On Thursday 2012-03-29 12:21, Sebastian Arcus wrote:

> Hi Jan
>
> On 29/03/12 11:00, Jan Engelhardt wrote:
>>
> </snip>
>>
>> The caveat with the kernel timezone is that Linux distributions may
>> ignore to set the kernel timezone, and instead only set the system
>> time. Even if a particular distribution does set the timezone at boot,
>> it usually does not keep the kernel timezone offset - which is what
>> changes on DST - up to date. ntpd will not touch the kernel timezone,
>> so running it will not resolve the issue. As such, one may encounter a
>> timezone that is always +0000, or one that is wrong half of the time of
>> the year. As such, using --kerneltz is highly discouraged.
>>
> Thanks for taking the time to give a detailed reply. Just to make sure I
> understand correctly - would this mean that there is no reliable way to run
> time based iptables rules and have them keep up with DST changes correctly and
> automatically - without restarting the machine when the DST kicks in or out?

UTC is reliable, no? :)

If you can reliably update the kernel TZ [that is, whenever a DST switch
occurs], you can reliably match on non-UTC. This is possible from
userspace (anything else would be surprising, since the kernel does not
read arbitrary files).
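One way to do the userspace update described in the reply above, as an added example that is not part of the original message or of any netfilter code: a small C helper, meant to be run at boot and after each DST switch, that derives the current UTC offset from the zone rules and writes it to the kernel timezone that `--kerneltz` reads. The function names are hypothetical, and it assumes the system clock itself is kept in UTC.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE          /* exposes tm_gmtoff and settimeofday() */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <time.h>
#include <sys/time.h>

/* Minutes west of Greenwich for zone `tzname` at instant `when`.
 * tzname == NULL keeps the TZ setting the process already has. */
int kernel_minuteswest(const char *tzname, time_t when)
{
    struct tm tm;

    if (tzname != NULL)
        setenv("TZ", tzname, 1);
    tzset();                           /* localtime_r need not call it */
    if (localtime_r(&when, &tm) == NULL)
        return 0;                      /* fall back to a UTC offset */
    return (int)(-tm.tm_gmtoff / 60);  /* tm_gmtoff is seconds east */
}

/* Write the offset into the kernel timezone; needs CAP_SYS_TIME. */
int apply_kernel_tz(int minuteswest)
{
    struct timezone utc = { 0, 0 };
    struct timezone tz = { minuteswest, 0 };

    /* On Linux, the first tz-only settimeofday() after boot warps the
     * system clock if the offset is nonzero (it assumes an RTC kept in
     * local time). A zero-offset call first turns the real update into
     * a plain timezone change. Assumption: system clock is already UTC. */
    if (settimeofday(NULL, &utc) != 0)
        return -1;
    return settimeofday(NULL, &tz);
}

int main(void)
{
    int mw = kernel_minuteswest(NULL, time(NULL));

    if (apply_kernel_tz(mw) != 0) {
        perror("settimeofday");
        return 1;
    }
    printf("kernel tz_minuteswest set to %d\n", mw);
    return 0;
}
```

Between a DST switch and the next run of such a helper, rules using `--kerneltz` match one hour off, so the scheduling of the update is part of the rule set's correctness.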