[Firehol-support] limiting internet to certain periods of time

Tsaousis, Costa costa at tsaousis.gr
Fri Feb 10 18:43:26 GMT 2017


Hi Spike,

You can use ipsets in firehol.conf and run cron jobs to add/remove IPs to
the already configured ipsets.
This works perfectly and does not need a restart of your firewall.

Some special attention has to be given to established connections.
If you want even the established connections to be dropped, I suggest to
use blacklists which will examine all the traffic.

The wiki and manual has information about both.

Costa


On Fri, Feb 10, 2017 at 7:34 PM, Spike <spike at drba.org> wrote:

> Dear all,
>
> I need to restrict internet for certain clients based on time ranges. So
> for example ip a.b.c.d should only be able to reach the internet between 5
> and 6pm, while x.y.w.z only between 1-2pm.
>
> Before using firehol, I was accomplishing this by defining a custom chain
> "timelimited" in the INPUT chain that would drop all traffic for the ips it
> contained. I would then have cron firing off at various intervals adding
> and removing ips from "timelimited".
>
> What's the recommended way to implement this with firehol? I looked to see
> if there was any utility for time based rules, but didn't find one.
>
> thanks,
>
> Spike
> _______________________________________________
> Firehol-support mailing list
> Firehol-support at lists.firehol.org
> http://lists.firehol.org/mailman/listinfo/firehol-support



More information about the Firehol-support mailing list