LinuxQuestions.org

Linux - Security: complex iptable rule help (https://www.linuxquestions.org/questions/linux-security-4/complex-iptable-rule-help-358404/)

farhan 08-30-2005 05:06 AM

complex iptable rule help
 
Hi
What I want to do is just a simple setup. I will be very
thankful for the help.

firewall/Gateway
lan0---eth0-192.168.1.253/30--eth1-10.0.0.253/30-----Lan1

I want someone to write the iptables rule for forwarding of
TCP traffic from Lan0 to Lan1 on the server
10.0.0.254/30, port www, telnet, ssh, ftp 21,22, during
the office timings 9 am to 5 pm with the SYN bit set or
the stateful option NEW, ESTABLISHED, RELATED, and log the
packet field information as well.

Capt_Caveman 08-30-2005 10:41 PM

I think this is what you're trying to do:
Code:

iptables -A FORWARD -i eth0 -o eth1 -s 192.168.1.253/30 -d 10.0.0.253/30 -p tcp -m multiport --dports 80,23,22,21,20 -m time --timestart 09:00 --timestop 17:00 -m state --state NEW,ESTABLISHED,RELATED -j LOG --log-tcp-options

iptables -A FORWARD -i eth0 -o eth1 -s 192.168.1.253/30 -d 10.0.0.253/30 -p tcp -m multiport --dports 80,23,22,21,20 -m time --timestart 09:00 --timestop 17:00 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

Logging every single packet during business hours is probably a bad idea as your logs will be massive if you have a lot of traffic on your network. You may need to recompile the kernel to support the time module if it's not included with your distro. If that's the case, you'll get an error about not being able to find ipt_time.
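Added example (not Capt_Caveman's rules, not from the thread): a small script that builds the FORWARD ruleset for the topology in the question, with the logging trimmed to the first packet of each new session and rate-limited, plus a return-traffic rule so accepted sessions keep working. It assumes the FORWARD policy is DROP and that the server is 10.0.0.254; the /30 containing the gateway's .253 is written as the .252/30 block. It runs as a dry run that prints the commands; set IPT=/sbin/iptables to apply them.

```shell
#!/bin/sh
# Added example for the question above. Dry run by default: the commands are
# printed rather than executed. Set IPT=/sbin/iptables to load them for real.
IPT="${IPT:-echo iptables}"

# Interfaces and addresses from the question. A /30 that contains .253 is the
# .252/30 block, so 10.0.0.254 (the server) sits inside the eth1 network.
LAN0_IF=eth0; LAN0_NET=192.168.1.252/30
LAN1_IF=eth1
SERVER=10.0.0.254                       # assumed server address from the post
PORTS=21,22,23,80                       # ftp, ssh, telnet, www
HOURS="-m time --timestart 09:00 --timestop 17:00"   # same options as the reply above

build_rules() {
    # Assumption: nothing is forwarded unless a rule below accepts it.
    $IPT -P FORWARD DROP

    # Return traffic for sessions already accepted, in either direction, at any
    # time: a session opened at 16:59 is not cut off at 17:00, and active-mode
    # FTP data connections (port 20) arrive as RELATED via the ftp conntrack
    # helper instead of needing their own rule.
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Log only the first packet of each new session, rate-limited, so the log
    # records who connected where without growing with every packet.
    $IPT -A FORWARD -i $LAN0_IF -o $LAN1_IF -s $LAN0_NET -d $SERVER \
        -p tcp -m multiport --dports $PORTS $HOURS \
        -m state --state NEW -m limit --limit 5/min -j LOG --log-prefix "FWD-NEW: "

    # Then accept the new session, but only during office hours.
    $IPT -A FORWARD -i $LAN0_IF -o $LAN1_IF -s $LAN0_NET -d $SERVER \
        -p tcp -m multiport --dports $PORTS $HOURS \
        -m state --state NEW -j ACCEPT
}

build_rules
```

Matching only NEW against the time window is what makes the hours rule cheap to reason about: the ESTABLISHED,RELATED rule above it is time-independent, so nothing that was allowed in can stall mid-session when the clock passes 17:00.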

newpenguin 08-31-2005 09:58 PM

There is another way to change the rules from time to time.
Create two rules files.
Use crontab to switch between them.
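Added example of the approach newpenguin describes (not newpenguin's code, not from the thread): two rule files in iptables-save format, one for office hours and one for after hours, and a function that loads either with iptables-restore. The crontab lines are shown in a comment. It assumes the same addresses as the question (server 10.0.0.254, eth0 network 192.168.1.252/30) and that the files live under RULES_DIR, which defaults to a temporary directory here; by default it only prints instead of loading, set RESTORE=/sbin/iptables-restore to apply.

```shell
#!/bin/sh
# Added example for the crontab-switching suggestion above. Dry run by default:
# RESTORE prints instead of loading. Set RESTORE=/sbin/iptables-restore to apply.
RESTORE="${RESTORE:-echo iptables-restore}"
RULES_DIR="${RULES_DIR:-$(mktemp -d)}"   # assumption: where the two files live

write_rulesets() {
    # Office-hours file: new sessions to the server's service ports are logged
    # (rate-limited) and accepted; everything else is dropped by the policy.
    cat > "$RULES_DIR/office.rules" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i eth0 -o eth1 -s 192.168.1.252/30 -d 10.0.0.254 -p tcp -m multiport --dports 21,22,23,80 -m state --state NEW -m limit --limit 5/min -j LOG --log-prefix "FWD-NEW: "
-A FORWARD -i eth0 -o eth1 -s 192.168.1.252/30 -d 10.0.0.254 -p tcp -m multiport --dports 21,22,23,80 -m state --state NEW -j ACCEPT
COMMIT
EOF
    # After-hours file: sessions already open may finish, nothing new is admitted.
    cat > "$RULES_DIR/afterhours.rules" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Load one of the two files. iptables-restore replaces the whole filter table in
# one step, so there is no moment where the chain is half-built or empty.
apply_ruleset() {
    name="$1"
    case "$name" in
        office|afterhours) ;;
        *) echo "unknown ruleset: $name" >&2; return 1 ;;
    esac
    $RESTORE < "$RULES_DIR/$name.rules"
}

# crontab entries (Mon-Fri) that do the switching; switch-rules.sh is assumed to
# source this file and call: apply_ruleset "$1"
#   0 9  * * 1-5 /usr/local/sbin/switch-rules.sh office
#   0 17 * * 1-5 /usr/local/sbin/switch-rules.sh afterhours

write_rulesets
apply_ruleset office
```

The two files should also be what the gateway loads at boot, otherwise a reboot outside the cron schedule comes up with whatever the init script installs rather than the set that matches the current hour.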

