Firewall rule for timed access

firewall

(Rob Bosch) #1

I could use some help. I want to implement timed access to the network for a client or group of clients.
By timed access I mean I want to be able to stop network access at a certain time (for instance 22.00h) and start access at a certain time (for instance 7.30h).

I don’t think this is possible using the admin interface. I found this: https://www.cyberciti.biz/tips/iptables-for-restricting-access-by-time-of-day.html
How would adjusting iptables manually interfere with the NethServer implementation of the firewall?
Any help (and examples) are appreciated.

Question is: should the rule be a whitelist rule or a blacklist rule? (allow the daytime or block the nighttime)


(James Nesbitt) #2

If you’re able to get the desired firewall rule to be higher up in the list so that it is processed before the other rules, then in theory it should work.

It would need some testing and I wouldn’t be surprised if you need to add some exclusions to it to make sure that certain services continue to work during the time when you prevent others from accessing the internet.


(Marc) #3

One way that shall work:

  • Once you have the host/group, create a time condition from 07:30 to 22:00 for the allowed connection time (UI does not allow first value higher than second one).
  • Create a firewall rule accepting traffic from the host/group to red within the time condition.
  • Create a rule at the bottom to always drop/reject traffic from the host/group to red.
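
The rule layout from the post above, modelled as an added example that is not part of the original post and is not NethServer's own code. It assumes first-match evaluation, a default of ACCEPT for traffic to red, and a hypothetical group name `kids-group`.

```python
from datetime import time

# Constructed model of an ordered, first-match rule list.
# A rule is (source, time_window, action); a window of None means "always".

def in_window(now, window):
    """True if time-of-day `now` falls inside [start, end)."""
    if window is None:
        return True
    start, end = window
    if start >= end:
        # Mirrors the UI limit from the post: no window that wraps past midnight.
        raise ValueError("start must be earlier than end")
    return start <= now < end

def decide(rules, src, now, default="ACCEPT"):
    """Return the action of the first rule that matches src at time `now`."""
    for rule_src, window, action in rules:
        if rule_src == src and in_window(now, window):
            return action
    return default  # assumption: unmatched traffic to red is allowed

KIDS = "kids-group"  # hypothetical host group
DAYTIME = (time(7, 30), time(22, 0))

# Layout from the post: timed accept first, unconditional drop at the bottom.
WHITELIST = [
    (KIDS, DAYTIME, "ACCEPT"),
    (KIDS, None, "DROP"),
]

# Same two rules in the wrong order: the drop matches first, all day long.
MISORDERED = [
    (KIDS, None, "DROP"),
    (KIDS, DAYTIME, "ACCEPT"),
]

if __name__ == "__main__":
    for hhmm in (time(3, 0), time(7, 30), time(21, 59), time(22, 0)):
        print(hhmm, decide(WHITELIST, KIDS, hhmm), decide(MISORDERED, KIDS, hhmm))
```

Because the night-time block (22:00 to 07:30) crosses midnight, it cannot be written as a single start-before-end window, which is why the daytime accept plus a final drop is the simpler form.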

(Rob Bosch) #4

Thanks @dnutan. I think I managed that one… :wink:
I hope my son will be a bit less sleepy in class now…