Once upon a time Ina&Frank said...
>
> My question is that I want to exclude some of the IP addresses (PCs) from
> connecting to the internet after, let's say, 21:00hrs each day. And when they
> are connected at that time, to cut them off. The other addresses may
> still connect.
>
> Is there a way to tell iptables (for example) to exclude some addresses
> for a period of time or do I have to let cron bring down the firewall,
> rewrite the config-file of iptables and restart the firewall again or do
> I have more simple and more efficient methods to accomplish this?

I would use cron, but there's no need to take down the firewall and re-write any config files. I'd create a firewall chain (say "nighttime-block") and add the rules to that to do the blocking you want to do at night. Then every night from cron, run iptables to add a jump to that chain from the FORWARD chain. Every morning, remove that jump. In each case, it's a single iptables command - there's no need to shut down the firewall at all (all other rules stay in effect).
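
The approach described in the reply, as an added example that is not part of the original thread: a small script that builds the "nighttime-block" chain once and then adds or removes the single jump from FORWARD, meant to be called from cron. The blocked addresses, the script path, the 07:00 morning time, the function names and the `IPT` override variable are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original thread.
# IPT can be overridden for a dry run (any command or function that
# accepts the same arguments); by default the real iptables is used.
IPT="${IPT:-iptables}"
CHAIN="nighttime-block"               # chain name suggested in the reply
BLOCKED="192.168.1.50 192.168.1.51"   # constructed sample addresses (assumption)

# One-time setup (e.g. at boot): create the chain, or flush it if it
# already exists, then fill it with one DROP rule per blocked address.
night_setup() {
    $IPT -N "$CHAIN" 2>/dev/null || $IPT -F "$CHAIN"
    for ip in $BLOCKED; do
        $IPT -A "$CHAIN" -s "$ip" -j DROP
    done
}

# Evening: add the jump. -C tests whether the rule is already present,
# so a repeated cron run does not stack duplicate jumps.
# -I FORWARD 1 puts the jump ahead of any ESTABLISHED,RELATED accept
# rule, so connections that are already open are cut off as well.
night_on() {
    $IPT -C FORWARD -j "$CHAIN" 2>/dev/null || $IPT -I FORWARD 1 -j "$CHAIN"
}

# Morning: remove the jump if it is there. The chain and its rules stay
# defined; they are simply no longer reachable from FORWARD.
night_off() {
    if $IPT -C FORWARD -j "$CHAIN" 2>/dev/null; then
        $IPT -D FORWARD -j "$CHAIN"
    fi
}

case "${1:-}" in
    setup) night_setup ;;
    on)    night_on ;;
    off)   night_off ;;
esac

# /etc/cron.d/nighttime-block (script path and 07:00 are assumptions):
# 0 21 * * * root /usr/local/sbin/nighttime-block.sh on
# 0 7  * * * root /usr/local/sbin/nighttime-block.sh off
```

The DROP rules match on source address only, so they stop traffic the listed PCs originate through the router; all other FORWARD rules are untouched while the jump is added or removed.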