IPFW Time Based Rule

[cybercoke]

Hi guys,

Can the freebsd FreeBSD do the control of a rule based on a clock-time? Example: I just want that this rule is emnabled between 8:00h and 22:00h.

${fwcmd} add set 12 allow log all from any to me dst-port 22 keep-state

Thank you.

 

[Anonymous]

You could do this using cron(1) by entering the appropriate ipfw(8) delete/add commands into the crontab(5) on every day at 8 and 22 h.

Important, before you do this, add rule numbers to all the ipfw-rules of your rule set, otherwise the following cannot work.

Let's assume, the rule number of the rule in question would become 1000. Then in /etc/crontab, you would add the following lines:

...
0        8      *       *       *       root    /sbin/ipfw -q delete 1000; /sbin/ipfw -q add 1000 set 12 allow log all from any to me dst-port 22 keep-state
0       22      *       *       *       root    /sbin/ipfw -q delete 1000; /sbin/ipfw -q add 1000 set 12 deny  log all from any to me dst-port 22 keep-state
...

 

[cybercoke]

Thank you, @rolfheinrich.

I'll try this.