diff options
author | Jose M. Guisado Gomez <guigom@riseup.net> | 2020-02-04 11:24:16 +0100 |
---|---|---|
committer | Florian Westphal <fw@strlen.de> | 2020-02-04 11:34:49 +0100 |
commit | ac5794e3deca11b0ec7d0debb025270124e5102a (patch) | |
tree | ebf3eb97b9087201e0b4a38c4297e68927e7fd30 /extensions/libxt_time.txlate | |
parent | d6b480e7ceeb6e9324418c2aecdebcedb1c10863 (diff) |
extensions: time: add translation and tests
Translation capabilities for xtables time match. Different time values
(hour and datetime) are translated into ranges.
These time match options can be translated now
--timestart value
--timestop value
[!] --weekdays listofdays
--datestart date
--datestop date
The option --monthdays can't be translated into nft as of now.
Examples can be found inside libxt_time.txlate
Signed-off-by: Jose M. Guisado Gomez <guigom@riseup.net>
Signed-off-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'extensions/libxt_time.txlate')
-rw-r--r-- | extensions/libxt_time.txlate | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/extensions/libxt_time.txlate b/extensions/libxt_time.txlate new file mode 100644 index 00000000..ff4a7b88 --- /dev/null +++ b/extensions/libxt_time.txlate @@ -0,0 +1,26 @@ +iptables-translate -A INPUT -p icmp --icmp-type echo-request -m time --weekdays Sa,Su -j REJECT +nft add rule ip filter INPUT icmp type echo-request meta day {6,0} counter reject + +iptables-translate -A INPUT -p icmp --icmp-type echo-request -m time --timestart 12:00 -j REJECT +nft add rule ip filter INPUT icmp type echo-request meta hour "12:00:00"-"23:59:59" counter reject + +iptables-translate -A INPUT -p icmp --icmp-type echo-request -m time --timestop 12:00 -j REJECT +nft add rule ip filter INPUT icmp type echo-request meta hour "00:00:00"-"12:00:00" counter reject + +iptables-translate -A INPUT -p icmp --icmp-type echo-request -m time --datestart 2021 -j REJECT +nft add rule ip filter INPUT icmp type echo-request meta time "2021-01-01 00:00:00"-"2038-01-19 03:14:07" counter reject + +iptables-translate -A INPUT -p icmp --icmp-type echo-request -m time --datestop 2021 -j REJECT +nft add rule ip filter INPUT icmp type echo-request meta time "1970-01-01 00:00:00"-"2021-01-01 00:00:00" counter reject + +iptables-translate -A INPUT -p icmp --icmp-type echo-request -m time --datestop 2021-01-29T00:00:00 -j REJECT +nft add rule ip filter INPUT icmp type echo-request meta time "1970-01-01 00:00:00"-"2021-01-29 00:00:00" counter reject + +iptables-translate -A INPUT -p icmp --icmp-type echo-request -m time --datestart 2020-01-29T00:00:00 --timestart 12:00 -j REJECT +nft add rule ip filter INPUT icmp type echo-request meta time "2020-01-29 00:00:00"-"2038-01-19 03:14:07" meta hour "12:00:00"-"23:59:59" counter reject + +iptables-translate -A INPUT -p icmp --icmp-type echo-request -m time --datestart 2020-01-29T00:00:00 --timestart 12:00 --timestop 19:00 --weekdays Mon,Tue,Wed,Thu,Fri -j REJECT +nft add rule ip filter INPUT icmp type echo-request meta time "2020-01-29 00:00:00"-"2038-01-19 03:14:07" meta hour "12:00:00"-"19:00:00" meta day {1,2,3,4,5} counter reject + +iptables-translate -A INPUT -p icmp --icmp-type echo-request -m time --datestart 2020-01-29T00:00:00 --timestart 12:00 --timestop 19:00 ! --weekdays Mon,Tue,Wed,Thu,Fri -j REJECT +nft add rule ip filter INPUT icmp type echo-request meta time "2020-01-29 00:00:00"-"2038-01-19 03:14:07" meta hour "12:00:00"-"19:00:00" meta day {6,0} counter reject |