From owner-freebsd-ipfw@FreeBSD.ORG Thu Mar 3 22:27:14 2005 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2B8CE16A4CE for ; Thu, 3 Mar 2005 22:27:14 +0000 (GMT) Received: from ms-smtp-02-eri0.texas.rr.com (ms-smtp-02.texas.rr.com [24.93.47.41]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5B0E643D46 for ; Thu, 3 Mar 2005 22:27:13 +0000 (GMT) (envelope-from rylwin@houston.rr.com) Received: from [192.168.1.40] (cpe-67-10-38-25.houston.res.rr.com [67.10.38.25])j23MRA8H021887 for ; Thu, 3 Mar 2005 16:27:10 -0600 (CST) Message-ID: <42278F2C.1050604@houston.rr.com> Date: Thu, 03 Mar 2005 16:26:52 -0600 From: Ryan Winograd User-Agent: Mozilla Thunderbird 0.9 (Windows/20041103) X-Accept-Language: en-us, en MIME-Version: 1.0 To: freebsd-ipfw@freebsd.org References: <20050303120033.5E23C16A4E6@hub.freebsd.org> In-Reply-To: <20050303120033.5E23C16A4E6@hub.freebsd.org> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Scanned: Symantec AntiVirus Scan Engine Subject: Re: time policies X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 03 Mar 2005 22:27:14 -0000 Urban Engemyr, Chris is right. Crontab is your answer._BSD HACKS_ (published by O'Reilly) explains how to automatically change firewalls rules at certain times in hack #64 "Script IP Firewall Rulesets." Let's assume a very simple situation: you either allow traffic or block it. step 1: create to rulesets - /etc/ipf.rules.allow - /etc/ipf.rules.block step 2: the first script (block access) #!/bin/sh # replace the ipf.rules file cp /etc/ipf.rules.block /etc/ipf.rules # now have ipf re-read the rules file ipf -Fa -f /etc/ip.rules For the other script, replace ipf.rules with ipf.rules.allow. This is, of course, a simple example, but feel free to make it as complicated as you wish Hope this is helpful! Ryan > >Message: 1 >Date: Wed, 2 Mar 2005 20:28:06 +0100 >From: "Urban Engemyr" >Subject: time policies >To: >Message-ID: > <03A9E4B63BABC943BEC0C8A8EE428947016780@ecrex01.ecr-consulting.se> >Content-Type: text/plain; charset="us-ascii" > >Hi, > >Is it possible to have ipfw rules that are enabled during certain times >only? > >Regards >Urban > > >------------------------------ > >Message: 2 >Date: Wed, 2 Mar 2005 21:32:12 +0200 >From: "Chris Knipe" >Subject: Re: time policies >To: >Message-ID: <000c01c51f5e$890db150$0a01a8c0@ops.cenergynetworks.com> >Content-Type: text/plain; format=flowed; charset="iso-8859-1"; > reply-type=original > >Crontab? > >