iptables


iptables is an application program that allows a system administrator to
control incoming and outgoing traffic on the basis of various packet parameters.

It can also be used to control traffic on the basis of day and time.
Suppose the IIIT-A administration decides that the FTP service (172.31.2.40) should be
available only on Sunday between 6:00 pm and 11:59 pm. I might be using the
following tool for that 😛
iptables [-t table] -[AD] chain rule-specification [options]
iptables [-t table] -I chain [rulenum] rule-specification [options]
iptables [-t table] -R chain rulenum rule-specification [options]
iptables [-t table] -D chain rulenum [options]
iptables [-t table] -[LFZ] [chain] [options]
iptables [-t table] -N chain
iptables [-t table] -X [chain]
iptables [-t table] -P chain target [options]
iptables [-t table] -E old-chain-name new-chain-name

In this case:

iptables RULE -m time --timestart TIME --timestop TIME --days DAYS -j ACTION

--timestart value
Match only if it is after value (inclusive; format: HH:MM; default 00:00).

--timestop value
Match only if it is before value (inclusive; format: HH:MM; default 23:59).

--days listofdays
Match only if today is one of the given days (format: Mon,Tue,Wed,Thu,Fri,Sat,Sun; default: every day).

--datestart date
Match only if it is after date (inclusive; format: YYYY[:MM[:DD[:hh[:mm[:ss]]]]]; h, m, s start from 0; defaults to 1970).

--datestop date
Match only if it is before date (inclusive; format: YYYY[:MM[:DD[:hh[:mm[:ss]]]]]; h, m, s start from 0; defaults to 2037).

iptables -A INPUT -p tcp -s 0/0 --sport 513:65535 -d 172.31.2.40 \
  --dport 21 -m state --state NEW,ESTABLISHED -m time \
  --timestart 18:00 --timestop 23:59 --days Sun -j ACCEPT
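
The ACCEPT rule only limits FTP to the Sunday window if a later rule or the chain policy drops connections that fall outside it. The script below is an added example, not part of the original post: it models the inclusive --timestart/--timestop/--days window so the schedule can be checked before any rule is loaded. The function names and the trailing DROP rule are assumptions.

```shell
#!/bin/sh
# Dry-run model of the time match options described above (added example).

# to_minutes HH:MM -> minutes since midnight; rejects malformed times such as 23.59
to_minutes() {
    case "$1" in
        [01][0-9]:[0-5][0-9]|2[0-3]:[0-5][0-9]) ;;
        *) echo "bad time: $1" >&2; return 2 ;;
    esac
    h=${1%:*}; m=${1#*:}
    # drop one leading zero so 08 and 09 are not parsed as octal
    echo $(( ${h#0} * 60 + ${m#0} ))
}

# time_match START STOP DAYS DAY NOW
# returns 0 on match, 1 on no match, 2 on a malformed time
time_match() {
    start=$(to_minutes "$1") || return 2
    stop=$(to_minutes "$2") || return 2
    now=$(to_minutes "$5") || return 2
    case ",$3," in
        *",$4,"*) ;;        # today is in the --days list
        *) return 1 ;;
    esac
    # both bounds are inclusive, as in the option descriptions
    [ "$now" -ge "$start" ] && [ "$now" -le "$stop" ]
}

# ftp_verdict DAY HH:MM -> fate of a new connection to 172.31.2.40 port 21
ftp_verdict() {
    time_match 18:00 23:59 Sun "$1" "$2" && rc=0 || rc=$?
    case $rc in
        0) echo ACCEPT ;;   # rule 1: -m time ... -j ACCEPT
        1) echo DROP ;;     # rule 2 (assumed, not on the page): -j DROP for the same port
        *) echo INVALID; return 2 ;;
    esac
}

# Constructed sample times, printed when the script is run directly.
for t in "Sun 17:59" "Sun 18:00" "Sun 23:59" "Mon 20:00"; do
    echo "$t -> $(ftp_verdict $t)"   # $t is split into DAY and HH:MM on purpose
done
```

Current iptables releases name the day option --weekdays and evaluate the window in UTC unless --kerneltz is given, so confirm the option names and time zone with `iptables -m time --help` on the target host.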
