I want to use iptables to open all ports for a specific user for a period of time. My current rules are:
$IPTABLES -A FORWARD -i $LAN_IF -o $OUTSIDE_IF -p tcp -s 192.168.10.34 -m state --state NEW -j ACCEPT
$IPTABLES -A FORWARD -i $LAN_IF -o $OUTSIDE_IF -p udp -s 192.168.10.34 -m state --state NEW -j ACCEPT
So, how do I specify the time span? For example, 7:00 AM to 5:30 PM.
Answer 1
Use the --timestart and --timestop statements (24-hour time format):
$IPTABLES -A FORWARD -i $LAN_IF -o $OUTSIDE_IF -p tcp -s 192.168.10.34 -m state --state NEW -m time --timestart 7:00 --timestop 17:30 -j ACCEPT
Answer 2
From the iptables man page, there is a time module that can do what you want:
time
This matches if the packet arrival time/date is within a given range. All
options are optional, but are ANDed when specified. All times are interpreted as UTC
by default.
--datestart YYYY[-MM[-DD[Thh[:mm[:ss]]]]]
--datestop YYYY[-MM[-DD[Thh[:mm[:ss]]]]]
Only match during the given time, which must be in ISO 8601 "T" notation. The possible time range is 1970-01-01T00:00:00 to 2038-01-19T04:17:07.
If --datestart or --datestop are not specified, it will default to 1970-01-01 and 2038-01-19, respectively.
--timestart hh:mm[:ss]
--timestop hh:mm[:ss]
Only match during the given daytime. The possible time range is 00:00:00 to 23:59:59. Leading zeroes are allowed (e.g. "06:03") and correctly interpreted as base-10.
[!] --monthdays day[,day...]
Only match on the given days of the month. Possible values are 1 to 31. Note that specifying 31 will of course not match on months which do not have a 31st day; the same goes for 28- or 29-day February.
[!] --weekdays day[,day...]
Only match on the given weekdays. Possible values are Mon, Tue, Wed, Thu, Fri, Sat, Sun, or values from 1 to 7, respectively. You may also use two-character variants (Mo, Tu, etc.).
--kerneltz
Use the kernel timezone instead of UTC to determine whether a packet meets the time regulations.
EXAMPLES. To match on weekends, use:
-m time --weekdays Sa,Su
Or, to match (once) on a national holiday block:
-m time --datestart 2007-12-24 --datestop 2007-12-27
Since the stop time is actually inclusive, you would need the following stop time to not match the first second of the new day:
-m time --datestart 2007-01-01T17:00 --datestop 2007-01-01T23:59:59
During lunch hour:
-m time --timestart 12:30 --timestop 13:30
The fourth Friday in the month:
-m time --weekdays Fr --monthdays 22,23,24,25,26,27,28
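The man page excerpt above says times are interpreted as UTC by default, so a local 7:00 to 17:30 window has to be shifted before it goes into --timestart and --timestop. The following is an added example, not part of either answer, that does the conversion and prints the tcp and udp rules for review; the UTC offset, the interface defaults and the function names are assumptions.

```shell
#!/bin/sh
# Added example. Defaults below are placeholders (assumptions), used only
# when the variables from the question are not already set.
: "${IPTABLES:=iptables}" "${LAN_IF:=eth1}" "${OUTSIDE_IF:=eth0}"

# to_utc HH:MM OFFSET_MIN -> the same wall-clock time expressed in UTC.
# OFFSET_MIN is local time minus UTC in minutes (120 for UTC+2, -300 for UTC-5).
to_utc() {
    h=${1%%:*}
    m=${1#*:}
    h=${h#0}                      # strip a leading zero so "08" is not
    m=${m#0}                      # parsed as an invalid octal number
    t=$(( (h * 60 + m - $2) % 1440 ))
    if [ "$t" -lt 0 ]; then       # shifted back past midnight
        t=$(( t + 1440 ))
    fi
    printf '%02d:%02d\n' $(( t / 60 )) $(( t % 60 ))
}

# time_rules SRC START STOP OFFSET_MIN -> prints one FORWARD rule per
# protocol, with the local START/STOP converted to UTC for the time match.
# If the converted start is later than the stop, the window crosses
# midnight UTC (for example 07:00-17:30 at UTC+8 becomes 23:00-09:30).
time_rules() {
    start=$(to_utc "$2" "$4")
    stop=$(to_utc "$3" "$4")
    for proto in tcp udp; do
        printf '%s\n' "$IPTABLES -A FORWARD -i $LAN_IF -o $OUTSIDE_IF -p $proto -s $1 -m state --state NEW -m time --timestart $start --timestop $stop -j ACCEPT"
    done
}

# Constructed sample: the host from the question, 7:00 to 17:30 local time,
# on a machine assumed to be at UTC+2.
time_rules 192.168.10.34 7:00 17:30 120
```

Because the rules match only `--state NEW`, the window limits when connections can be opened; whether a flow opened at 17:29 keeps working afterwards depends on the ruleset's handling of established traffic.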