On 10/18/2013 10:17 AM, kAja Ziegler wrote:
> Hi,
> 
>   How do I define a time-limited DNAT rule?
> 
> SECTION ESTABLISHED
> 
> # I don't know what to put here
> 
> SECTION RELATED
> 
> # I don't know what to put here
> 
> SECTION NEW
> 
> ####################################################################################################
> #ACTION     SOURCE  DEST                   PROTO  DEST  SOURCE   ORIGINAL          RATE   USER/  MARK  CONNLIMIT  TIME
> #                                                 PORT  PORT(S)  DEST              LIMIT  GROUP
>
> SSH(DNAT)   net     loc:$SERVER_INT_ADDR   -      -     -        $SERVER_PUB_ADDR  -      -      -     -          timestart=18:45:00&timestop=18:48:00
> 
> 
> New connections can't be established before timestart or after timestop,
> but how do I terminate established connections?
> 

?SECTION ESTABLISHED
SSH(REJECT) net loc:$SERVER_INT_ADDR - - - $SERVER_PUB_ADDR ;\
time=timestart=18:48

And be sure FASTACCEPT=No in shorewall.conf

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
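
A lint for the two conditions in the reply above (a rule in the ESTABLISHED section, and FASTACCEPT=No), as an added example that is not part of the original message or of Shorewall. The function names, return codes and sample files are constructed for illustration, and an unset FASTACCEPT is assumed to mean No.

```shell
#!/bin/sh
# Added example, not Shorewall code: lint a config for the time cut-off rule.

# Effective FASTACCEPT value: last assignment wins; unset/empty assumed to be No.
fastaccept_value() {
    awk -F= '/^[ \t]*FASTACCEPT[ \t]*=/ {
                 v = $2; sub(/[#].*/, "", v); gsub(/[ \t"]/, "", v); val = v }
             END { print (val == "" ? "No" : val) }' "$1"
}

# Count rules (not physical lines) inside ?SECTION ESTABLISHED of a rules file.
established_rule_count() {
    awk '{ sub(/[#].*/, "") }                       # drop comments
         /^[ \t]*$/ { cont = 0; next }              # blank line
         /^[ \t]*[?]?SECTION[ \t]/ { sec = toupper($2); next }
         sec == "ESTABLISHED" && !cont { n++ }      # first line of a rule
         { cont = ($0 ~ /\\[ \t]*$/) }              # trailing backslash continues
         END { print n + 0 }' "$1"
}

# check_time_cutoff <shorewall.conf> <rules>
# Returns 0 = ok, 1 = FASTACCEPT is Yes, 2 = ESTABLISHED section has no rule.
check_time_cutoff() {
    n=$(established_rule_count "$2")
    [ "$n" -gt 0 ] || { echo "no rule in ESTABLISHED section"; return 2; }
    case $(fastaccept_value "$1") in
        [Yy][Ee][Ss]) echo "FASTACCEPT=Yes, the reply requires No"; return 1 ;;
    esac
    echo "ok: $n ESTABLISHED rule(s), FASTACCEPT=No"
}

# Constructed sample files modelled on the thread, for a stand-alone run.
demo() {
    d=$(mktemp -d) || return 1
    printf 'FASTACCEPT=Yes\n' > "$d/shorewall.conf"
    cat > "$d/rules" <<'EOF'
?SECTION ESTABLISHED
SSH(REJECT) net loc:$SERVER_INT_ADDR - - - $SERVER_PUB_ADDR ;\
time=timestart=18:48
?SECTION NEW
SSH(DNAT) net loc:$SERVER_INT_ADDR - - - $SERVER_PUB_ADDR - - - - timestart=18:45:00&timestop=18:48:00
EOF
    check_time_cutoff "$d/shorewall.conf" "$d/rules"; rc=$?
    rm -rf "$d"; return $rc
}
demo || echo "exit status $?"
```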
