Tuesday, August 13, 2019

[Research] iptables time-related settings

2019-08-13

Reference
Iptables Restricting Access By Time Of The Day - nixCraft
https://www.cyberciti.biz/tips/iptables-for-restricting-access-by-time-of-day.html

Common syntax

iptables RULE -m time --timestart TIME --timestop TIME --days DAYS -j ACTION

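--timestart TIME : Start time. Format is 00:00-23:59 (24-hour format).
--timestop TIME : Stop time.
--days DAYS : Match only if today is one of the given days (format: Mon,Tue,Wed,Thu,Fri,Sat,Sun; default: every day).

Note: the help output further down this page lists --weekdays, not --days. On a build whose help output looks like that, use --weekdays in place of --days in the examples below.

Examples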

Input rule:

iptables -A INPUT -p tcp -s 0/0 --sport 513:65535 -d 202.54.1.20 --dport 22 -m state --state NEW,ESTABLISHED -m time --timestart 09:00 --timestop 18:00 --days Mon,Tue,Wed,Thu,Fri -j ACCEPT

Output rule:

iptables -A OUTPUT -p tcp -s 202.54.1.20 --sport 22 -d 0/0 --dport 513:65535 -m state --state ESTABLISHED -m time --timestart 09:00 --timestop 18:00 --days Mon,Tue,Wed,Thu,Fri -j ACCEPT

********************************************************************************

References
iptables time match rules - Linux運維日誌
https://www.centos.bz/2018/07/iptables-time-%E6%97%B6%E9%97%B4%E5%8C%B9%E9%85%8D%E8%A7%84%E5%88%99/

iptables time match rules - eydwyz的專欄 - CSDN博客
https://blog.csdn.net/eydwyz/article/details/53382632

1. Match a fixed time window every day

iptables -I FORWARD -s 172.17.1.132 -d 192.168.1.119 -m time --timestart 09:40 --timestop 09:59 -j DROP

2. Match a fixed time window on given weekdays

iptables -I FORWARD -s 172.17.1.132 -d 192.168.1.119 -m time --timestart 09:40 --timestop 09:59 --weekdays Wed,Thu -j DROP

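3. Match a fixed date range. Note that this case is special: as you can see, the time below is 17 o'clock rather than 9 o'clock. This is because of the time zone, which differs by 8 hours.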

iptables -I FORWARD -s 172.17.1.132 -d 192.168.1.119 -m time --datestart 2014-3-19T17:40:08 --datestop 2014-3-19T17:59:50 -j DROP

Help output:

time match options:
    --datestart time     Start and stop time, to be given in ISO 8601
    --datestop time      (YYYY[-MM[-DD[Thh[:mm[:ss]]]]])
    --timestart time     Start and stop daytime (hh:mm[:ss])
    --timestop time      (between 00:00:00 and 23:59:59)
[!] --monthdays value    List of days on which to match, separated by comma
                         (Possible days: 1 to 31; defaults to all)
[!] --weekdays value     List of weekdays on which to match, sep. by comma
                         (Possible days: Mon,Tue,Wed,Thu,Fri,Sat,Sun or 1 to 7
                         Defaults to all weekdays.)
    --localtz/--utc      Time is interpreted as UTC/local time
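
Because of the time zone issue in item 3, it helps to convert the intended local window to UTC explicitly and pin the interpretation with --utc. The following is an added example, not code from the original post or its references. It assumes a fixed offset_hours (local time minus UTC, a hypothetical parameter); the helper names and sample times are constructed.

```python
from datetime import datetime, timedelta, timezone

DAYS = ["Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun"]
FMT = "%Y-%m-%dT%H:%M:%S"

def date_window_utc(start_local, stop_local, offset_hours):
    """One-off window: local ISO timestamps -> UTC --datestart/--datestop."""
    tz = timezone(timedelta(hours=offset_hours))
    utc = [datetime.strptime(s, FMT).replace(tzinfo=tz)
           .astimezone(timezone.utc).strftime(FMT)
           for s in (start_local, stop_local)]
    return f"-m time --utc --datestart {utc[0]} --datestop {utc[1]}"

def _to_utc(hhmm, offset_hours):
    """Return (day_shift, minute_of_day) of a local hh:mm expressed in UTC."""
    h, m = map(int, hhmm.split(":"))
    return divmod(h * 60 + m - int(offset_hours * 60), 1440)

def _fmt(minute):
    """Minute of day -> hh:mm."""
    return f"{minute // 60:02d}:{minute % 60:02d}"

def _match(start, stop, weekdays, shift):
    """Build one time match, moving the weekday list by `shift` days."""
    days = ",".join(DAYS[(DAYS.index(d) + shift) % 7] for d in weekdays)
    return (f"-m time --utc --timestart {start} --timestop {stop} "
            f"--weekdays {days}")

def daily_window_utc(start_local, stop_local, weekdays, offset_hours):
    """Recurring window (start < stop, local time) -> list of UTC matches.

    A window that straddles UTC midnight is split into two matches, so it
    does not depend on how the kernel treats timestart > timestop.
    """
    s_shift, s_min = _to_utc(start_local, offset_hours)
    e_shift, e_min = _to_utc(stop_local, offset_hours)
    if s_shift == e_shift:
        return [_match(_fmt(s_min), _fmt(e_min), weekdays, s_shift)]
    parts = [_match(_fmt(s_min), "23:59:59", weekdays, s_shift)]
    if e_min:  # nothing remains after midnight if the stop is 00:00 UTC
        parts.append(_match("00:00", _fmt(e_min), weekdays, e_shift))
    return parts

if __name__ == "__main__":
    # Constructed sample: local Monday 06:00-10:00 at UTC+8
    for m in daily_window_utc("06:00", "10:00", ["Mon"], 8):
        print("iptables -I FORWARD", m, "-j DROP")
```

Each returned string is the match portion of a rule; a window that crosses UTC midnight needs one rule per returned match.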

(End)


