On 29/03/12 14:45, /dev/rob0 wrote:
> On Thu, Mar 29, 2012 at 11:21:55AM +0100, Sebastian Arcus wrote:
>> On 29/03/12 11:00, Jan Engelhardt wrote:
>> </snip>
>>> The caveat with the kernel timezone is that Linux distributions may
>>> ignore to set the kernel timezone, and instead only set the system
>>> time. Even if a particular distribution does set the timezone at boot,
>>> it usually does not keep the kernel timezone offset - which is what
>>> changes on DST - up to date. ntpd will not touch the kernel timezone,
>>> so running it will not resolve the issue. As such, one may encounter a
>>> timezone that is always +0000, or one that is wrong half of the time of
>>> the year. As such, using --kerneltz is highly discouraged.
>>
>> Thanks for taking the time to give a detailed reply. Just to make
>> sure I understand correctly - would this mean that there is no
>> reliable way to run time-based iptables rules and have them keep up
>> with DST changes correctly and automatically - without restarting
>> the machine when the DST kicks in or out?
>
> Restarting the machine? Blasphemy!
>
> Why not simply reload the firewall rules?
>
> A simple at(1) job on the DST-to-standard and standard-to-DST dates
> to reload the rules, either using your distro's firewall management
> tools, or pipe iptables-save to iptables-restore (substituting for
> the changed times), ought to do the job just fine.

Thanks for the suggestion. However, restarting the firewall (which
flushes and re-writes the rules) makes absolutely no difference. I have
to actually restart the machine for the rules to behave according to the
correct time. Maybe there is something wrong with the way Slackware
updates the kernel TZ - as per Jan's post. I've posted to the Slackware
list on linuxquestions.org to see if anybody knows more.

Sebastian

PS I agree with your position on restarting servers :-) but I don't seem
to get any choice in this matter.
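The failure mode in the quoted caveat, as an added C example that is not code from this thread or from netfilter: it reads the kernel timezone offset, compares it with the offset userspace currently applies, and shows how a stale offset shifts a daily time window. The subtraction of `tz_minuteswest` is an assumption about how `--kerneltz` derives local time; the function names, the 09:00-17:00 window and the sample timestamp are constructed.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <time.h>
#include <sys/time.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Second of the day a --kerneltz rule would be compared against: UTC shifted
 * by the kernel's tz_minuteswest (assumed to mirror the match's adjustment). */
long kerneltz_second_of_day(long long utc, int minuteswest)
{
    long long local = utc - 60LL * minuteswest;
    return (long)(((local % 86400) + 86400) % 86400);
}

/* Does a daily window [start, stop), in seconds of day, contain sod? */
int window_matches(long sod, long start, long stop)
{
    return start <= stop ? (sod >= start && sod < stop)
                         : (sod >= start || sod < stop);
}

/* Minutes the kernel offset is away from userspace's current offset.
 * tm_gmtoff is seconds east of UTC; tz_minuteswest is minutes west. */
long kernel_tz_drift_minutes(int minuteswest, long gmtoff_sec)
{
    return (-gmtoff_sec / 60) - minuteswest;
}

int main(void)
{
    struct timeval tv;
    struct timezone tz = {0, 0};
    /* Raw syscall: recent glibc gettimeofday() wrappers zero the tz argument. */
    if (syscall(SYS_gettimeofday, &tv, &tz) != 0) { perror("gettimeofday"); return 2; }
    time_t now = tv.tv_sec;
    struct tm lt;
    localtime_r(&now, &lt);
    long drift = kernel_tz_drift_minutes(tz.tz_minuteswest, lt.tm_gmtoff);
    printf("kernel tz_minuteswest=%d userspace gmtoff=%lds drift=%ldmin\n",
           tz.tz_minuteswest, (long)lt.tm_gmtoff, drift);
    /* Constructed case: 2012-03-29 08:30:00 UTC (09:30 at +0100), window 09:00-17:00. */
    long long t = 1333009800LL;
    printf("kernel tz stale at 0: match=%d; kernel tz at -60: match=%d\n",
           window_matches(kerneltz_second_of_day(t, 0), 32400, 61200),
           window_matches(kerneltz_second_of_day(t, -60), 32400, 61200));
    return drift != 0; /* non-zero exit when the kernel offset is stale */
}
```

A non-zero drift on a running box means a `--kerneltz` rule is being evaluated against the wrong local time, however often the ruleset is reloaded.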