Does having timestart == timestop make any sense? Why would you want to do that? Perhaps make iptables reject such input?

On Thu, Aug 1, 2013 at 4:24 AM, Michal Kubecek <mkubecek@xxxxxxx> wrote:
> On Wed, Jul 31, 2013 at 04:42:15PM +0800, Henry Lee wrote:
>> diff --git a/net/netfilter/xt_time.c b/net/netfilter/xt_time.c >> index 0ae55a3..753573c 100644 >> --- a/net/netfilter/xt_time.c >> +++ b/net/netfilter/xt_time.c >> @@ -192,7 +192,7 @@ time_mt(const struct sk_buff *skb, struct >> xt_action_param *par) >> >> packet_time = localtime_1(¤t_time, stamp); >> >> - if (info->daytime_start < info->daytime_stop) { >> + if (info->daytime_start <= info->daytime_stop) { >> if (packet_time < info->daytime_start || >> packet_time > info->daytime_stop) >> return false; >>
>
> As far as I can see, this would cause only packets arriving at midnight
> to match by default (i.e. without both --timestart and --timestop).
>
> Michal Kubecek
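Review bot: The changed condition in time_mt() does not say what a rule with daytime_start == daytime_stop is supposed to mean, and with `<=` that case now takes the in-range branch, where `packet_time < info->daytime_start || packet_time > info->daytime_stop` rejects every packet except one whose packet_time equals that single value. A time-restricted accept or drop rule that silently matches only one instant of the day is easy to misconfigure, so the intended semantics for equal values should be stated in the commit message and in a comment next to the comparison. Before merging, confirm which values daytime_start and daytime_stop hold when neither --timestart nor --timestop is given, since that is the case questioned in the reply; the else branch is not visible in this hunk, so the previous behaviour for equal values cannot be checked from here. If equal values have no sensible meaning, rejecting them when the rule is inserted, as suggested at the top of the thread, would be clearer than changing the match path.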