>From my understanding of the original question (which I may have forgotten) I think the natural extension would be to add absolute timestamps to the time match to be able to match
before timestamp X or after timestamp X Cobmbined one can match "between timestamp X and Y", thus enabling one to write a rule that will match "starting in 2 hours and valid for 48 hours after that". Any translation between timezones and daylight savings is obviously the responsibility of user space. However, my personal opinion is that this kind of static time matches should be done in userspace, using tools like cron or at to activate/deactivate the rules. But I acknowledge that in lack of a good userspace complex rule management tool capable of maintainint the rulebase in a sensible manner having kernellevel time matches can be quite useful. Regards Henrik Nordström On Saturday 09 March 2002 15:59, Hervé Eychenne wrote: > I'm sorry, but I'm not sure that such a feature belongs to an > existing match module (pool, recent, etc.). Wouldn't it be best to > do a separate module for this, as several matches can be combined > in a single rule? That would be much more generic, I think (if we > consider this functionality belongs to kernel space, of course...) > > Example : > iptables -A INPUT -s $IP -m timeout --timestamp $TIMESTAMP -j > ACCEPT > > Please note that such a feature can currently be achieved in > user-space with a simple at job. And it seems sufficient in most > cases. > > RV
