Latest LQ Deal: Linux Power User Bundle
Go Back > Forums > Linux Forums > Linux - Security
User Name
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.


  Search this Thread
Old 08-30-2005, 05:06 AM   #1
Registered: Feb 2003
Distribution: xNIX
Posts: 121

Rep: Reputation: 15
complex iptable rule help

wt i want to do is just simple setup. I will be very
thankful for the help


I want one to write the iptable rule for forwarding of
TCP traffic from Lan0 to lan1 on the server port www, telnet, ssh, ftp 21,22 during
the office timeings 9 am to 5pm with syn bit set or
stateful option New, Established, Related and log the
packet field informations as well.
Old 08-30-2005, 10:41 PM   #2
Senior Member
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
I think this is what you're trying to do:
iptables -A FORWARD -i eth0 -o eth1 -s -d -p tcp -m multiport --dports 80,23,22,21,20 -m time --timestart 09:00 --timestop 17:00 -m state NEW,ESTABLISHED,RELATED -j LOG --log-tcp-options

iptables -A FORWARD -i eth0 -o eth1 -s -d -p tcp -m multiport --dports 80,23,22,21,20 -m time --timestart 09:00 --timestop 17:00 -m state NEW,ESTABLISHED,RELATED -j ACCEPT
Logging every single packet during business hours is probably a bad idea as your logs will be massive if you have alot of traffic on your network. You may need to recompile the kernel to support the time module if it's not included with your distro. If that's the case, you'll get an error about not being able to find ipt_time.
Old 08-31-2005, 09:58 PM   #3
Registered: Sep 2002
Location: lahore pakistan
Distribution: slackware,redhat, FreeBSD,openbsd
Posts: 219

Rep: Reputation: 30
there is another way to change the rules from time to time.
create two rules files.
use crontab to switch between them.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
iptable rule for rmi bijuhpd Linux - Newbie 2 04-27-2005 12:42 AM
gsl_complex vs <complex> darknails Programming 0 02-27-2005 10:24 AM
complex question help needed ropeboardCEO Linux - Newbie 4 12-25-2004 12:02 AM
Help me write iptable rule to LOG gpagedar Linux - Security 1 10-01-2003 06:47 AM
Port forwarding - Complex hoondie Linux - Networking 2 09-17-2003 07:06 PM > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 01:38 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration