open port in iptables for specific length of time
Steven Buehler
steve at ibushost.com
Tue Jun 7 16:49:02 UTC 2011
> -----Original Message-----
> From: redhat-list-bounces at redhat.com [mailto:redhat-list-bounces at redhat.com] On Behalf Of eugenejvr
> Sent: Tuesday, June 07, 2011 9:56 AM
> To: General Red Hat Linux discussion list
> Subject: Re: open port in iptables for specific length of time
>
> Look at this...
> http://www.cyberciti.biz/tips/iptables-for-restricting-access-by-time-of-day.html
>
> hope it helps
>
> --
>
> Eugene Jansen van Rensburg
> eMail: eugenejvr at gmail.com
>
> "Quit is NOT an option"
>
>
> On Tue, Jun 7, 2011 at 16:33, Steven Buehler <steve at ibushost.com> wrote:
> >
> > I have been googling for this and haven't found it. I know I have
> > seen it before and thought that it was an iptables command and not a
> > separate script, but I can't remember as it has been a while since I
> > have seen it.
> > What I want to do is to open a port on the firewall with iptables for
> > a set time, like 5 hours and then after 5 hours, it will close the port
> > again.
> > Can anybody point me in the right direction, or if it is a command of
> > iptables, maybe post that for me?
> >
> >
> >
> > We have a system that is locked down and you have to use a key to get
> > ssh access to it. We have employees and customers that are on dynamic
> > IP's that keep switching. They don't have root access. What I am
> > trying to do is create a script that they can log into and it will get
> > their current IP address and open the firewall for a specified length
> > of time. Once open, they would still have to use their public/private
> > key to ssh into it. I agree this isn't perfect, but it is better than
> > just leaving that port open to the world all the time.
> >
> >
> >
> > Any help would be appreciated
> >
> >
> >
> > thanks
> >
> > Steve
> >
> > --
Thanks Eugene, but it seems that the stock rpm of IPtables for v 5.x doesn't
include the libipt_time.so. These systems need to be as "stock" as possible
instead of compiling from source.
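
Added example, not part of the original thread or written by its participants: one way to get the open-then-close behaviour asked about using only stock iptables and at(1), with no time match module. It assumes the script runs as root through a narrow sudo rule and that atd is running; the function names, the DRY_RUN switch and the 600-minute ceiling are choices made for this example.

```shell
#!/bin/sh
# Added example: open one TCP port for one source IP, close it again later.
# Assumptions: runs as root (e.g. via a narrow sudo rule), atd is running,
# INPUT is the filtering chain. DRY_RUN=1 prints instead of executing.

valid_ipv4() {
    # Digits and dots only, so caller input can never inject shell syntax
    # into the command line that is later handed to at(1).
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in 0?*|????*) return 1 ;; esac   # no leading zeros, max 3 digits
        [ "$o" -le 255 ] || return 1
    done
}

valid_number() {  # valid_number <value> <max>: integer in 1..max
    case $1 in ''|0*|*[!0-9]*|??????*) return 1 ;; esac
    [ "$1" -le "$2" ]
}

rule_cmd() {  # rule_cmd <-I|-D> <ip> <port>
    echo "iptables $1 INPUT -p tcp -s $2 --dport $3 -j ACCEPT"
}

open_for() {  # open_for <ip> <port> <minutes>
    valid_ipv4 "$1"         || { echo "bad ip" >&2; return 2; }
    valid_number "$2" 65535 || { echo "bad port" >&2; return 2; }
    valid_number "$3" 600   || { echo "bad duration" >&2; return 2; }  # 600 = example ceiling
    add=$(rule_cmd -I "$1" "$2")
    del=$(rule_cmd -D "$1" "$2")
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' "$add" "echo '$del' | at now + $3 minutes"
        return 0
    fi
    # Schedule the removal first: if at(1) fails, the port is never opened.
    echo "$del" | at now + "$3" minutes || return 1
    $add
}

# Example: open_for 203.0.113.7 22 300   (constructed address, 5 hours)
```

If the same address is opened twice, each scheduled job removes one copy of the rule at its own deadline, because `-D` deletes a single matching rule.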