I've been using a trick to emulate scheduled rules using IP tables. It would be nice to have something like this covered. I have even seen it in the silliest of home router firewalls.
First, create a rule with a table like so:

    # Schedule Table
    table <schedule_ip> persist

    # Scheduled access to HTTP
    pass in on egress proto tcp from <schedule_ip> to any port http rdr-to $web_server keep state

Then add to crontab jobs like this:

    # Top secret business server opens from 9AM-4PM during weekdays, and 2PM-4PM weekends.
    0 9 * * 1-5 root /sbin/pfctl -T add -t schedule_ip 0.0.0.0/0 # open (Mon - Fri)
    0 14 * * 6-7 root /sbin/pfctl -T add -t schedule_ip 0.0.0.0/0 # open (Sat + Sun)
    0 16 * * * root /sbin/pfctl -T del -t schedule_ip 0.0.0.0/0 # close (everyday)

Very useful technique, and I also think this works under securelevel=2 (correct me if I am wrong, I haven't tried myself). The 0.0.0.0/0 range is a very useful tool in many cases.

On Sat, 1 Apr 2017 10:52:20 +0200
"Peter N. M. Hansteen" <pe...@bsdly.net> wrote:

> Hi,
>
> I thought I'd like to give you a heads up that there will be a "PF and
> networking" tutorial at BSDCan 2017 in Ottawa this June.
>
> The session will however not be the Nth rerun of the old one, we're
> starting from scratch this time, and we're looking for input on what to
> include.
>
> Do you have questions on PF and related matters, or are there specific
> topics you would like to see covered?
>
> We want to hear from you, either contact us directly at the reply-to
> address or use the list.
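
The cron jobs in the message above change the table only at the edges of each window, and the table's contents live in kernel memory, so a reboot or a missed job leaves it in the wrong state until the next edge. The following is an added example, not part of the original message: it derives the wanted state from the current time so it can be run at boot and every few minutes. The table name and hours come from the post; the function names, the script name `sched.sh` and the `apply` argument are assumptions.

```shell
#!/bin/sh
# Added example (not from the original message).
# Schedule taken from the crontab in the post:
#   Mon-Fri 09:00-16:00, Sat-Sun 14:00-16:00.
TABLE=schedule_ip

# desired_state DOW HOUR -> prints "open" or "closed".
# DOW as printed by `date +%u` (1=Mon .. 7=Sun), HOUR by `date +%H`.
desired_state() {
    hour=${2#0}; hour=${hour:-0}   # "09" -> 9, "00" -> 0
    case $1 in
        [1-5]) start=9 ;;
        6|7)   start=14 ;;
        *)     echo closed; return 0 ;;   # unknown day: fail closed
    esac
    if [ "$hour" -ge "$start" ] && [ "$hour" -lt 16 ]; then
        echo open
    else
        echo closed
    fi
}

# enforce STATE [PREFIX] -> runs the pfctl command for STATE.
# Pass "echo" as PREFIX for a dry run that only prints the command.
# Adding an entry that is present, or deleting one that is absent,
# leaves the table unchanged, so repeated runs are safe.
enforce() {
    case $1 in
        open)   $2 /sbin/pfctl -t "$TABLE" -T add 0.0.0.0/0 ;;
        closed) $2 /sbin/pfctl -t "$TABLE" -T delete 0.0.0.0/0 ;;
        *)      return 1 ;;
    esac
}

# "sh sched.sh apply" (hypothetical script name) changes the table;
# without "apply" nothing is executed.
if [ "${1:-}" = apply ]; then
    enforce "$(desired_state "$(date +%u)" "$(date +%H)")"
fi
```

Because the rule uses `keep state`, connections established while the table was open are not ended by the delete; they continue until their states expire or are removed.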