Iptables time module

Post new topic   Reply to topic    DD-WRT Forum Index -> Advanced Networking
View previous topic :: View next topic  
Author Message
anonuser
DD-WRT Novice


Joined: 15 Oct 2013
Posts: 3
PostPosted: Tue Oct 15, 2013 13:07    Post subject: Iptables time module Reply with quote
I would like to include in my firewall:

Code:
iptables -t nat -I PREROUTING -d 1.2.3.4 -m time --weekdays Tue -j DROP
iptables -I FORWARD -d 1.2.3.4 -m time --weekdays Tue -j DROP


I have been fighting to understand all morning how to block certain IPs in iptables using time based blocking. It seems that ddwrt is using a script instead of the time module to block certain websites in access restrictions.

Do any of the builds have the time module included? I don't understand what is going on because when I was googling, the ddwrt svn with the time module included showed up on the results, and this is an included extension in the standard build of iptables...

Otherwise, what is the easiest way to implement an IP and time based block where I can determine its ruleset priority (ie place it before everything else in iptables)

Thanks!
Back to top View user's profile Send private message
Sponsor
anonuser
DD-WRT Novice


Joined: 15 Oct 2013
Posts: 3
PostPosted: Tue Oct 15, 2013 17:35    Post subject: Reply with quote
Answering myself: More digging shows that people don't seem to be able to get TIME working in dd-wrt.

I therefore set something up using cron on the management tab in the GUI.

Don't forget to use user name root and the full path to /usr/sbin/iptables:


Code:
*/15 * * * 1,2,3,4,5 root /usr/sbin/iptables -I FORWARD -d 1.2.3.4 -j DROP


And to remove it with -D:

Code:
1 0 * * 6 root /usr/sbin/iptables -D FORWARD -d 1.2.3.4 -j DROP


etc...
Back to top View user's profile Send private message
Mile-Lile
DD-WRT Guru


Joined: 24 Feb 2013
Posts: 1634
Location: Belgrade
PostPosted: Tue Oct 15, 2013 18:03    Post subject: Reply with quote
you can do it from AR (Access Restrictions)... see wiki...
Back to top View user's profile Send private message
anonuser
DD-WRT Novice


Joined: 15 Oct 2013
Posts: 3
PostPosted: Tue Oct 15, 2013 18:37    Post subject: Reply with quote
Yeah, I use Access Restrictions for general stuff, but I want to flag with "-I", ie determine specifically the order of my iptables. Also, I had no luck using IPs on that page...
Back to top View user's profile Send private message
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Index -> Advanced Networking All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum