From ef4b1c2030270587a77f959e0b3d27920cf56328 Mon Sep 17 00:00:00 2001
From: Tom Eastep
Date: Thu, 22 Sep 2016 15:45:18 -0700
Subject: [PATCH] Add a TIME Columns section to the config file basics doc
Signed-off-by: Tom Eastep
---
 Shorewall/manpages/shorewall-mangle.xml | 2 +-
 Shorewall/manpages/shorewall-rules.xml | 2 +-
 Shorewall6/manpages/shorewall6-mangle.xml | 2 +-
 Shorewall6/manpages/shorewall6-rules.xml | 2 +-
 docs/configuration_file_basics.xml | 178 +++++++++++++++++++++-
 5 files changed, 181 insertions(+), 5 deletions(-)
diff --git a/Shorewall/manpages/shorewall-mangle.xml b/Shorewall/manpages/shorewall-mangle.xml
index c5df54f9f..e1574df4c 100644
--- a/Shorewall/manpages/shorewall-mangle.xml
+++ b/Shorewall/manpages/shorewall-mangle.xml
@@ -1262,7 +1262,7 @@ Normal-Service => 0x00 Added in Shoreawll 5.0.12. When timestop is smaller than timestart value, match this as a single
- time period instead distinct intervals.
+ time period instead of distinct intervals.
diff --git a/Shorewall/manpages/shorewall-rules.xml b/Shorewall/manpages/shorewall-rules.xml
index 9128a7db6..503cffc01 100644
--- a/Shorewall/manpages/shorewall-rules.xml
+++ b/Shorewall/manpages/shorewall-rules.xml
@@ -1689,7 +1689,7 @@ Added in Shoreawll 5.0.12. When timestop is smaller than timestart value, match this as a single
- time period instead distinct intervals.
+ time period instead of distinct intervals.
diff --git a/Shorewall6/manpages/shorewall6-mangle.xml b/Shorewall6/manpages/shorewall6-mangle.xml
index 07d198173..3ce749720 100644
--- a/Shorewall6/manpages/shorewall6-mangle.xml
+++ b/Shorewall6/manpages/shorewall6-mangle.xml
@@ -1338,7 +1338,7 @@ Normal-Service => 0x00 Added in Shoreawll 5.0.12. When timestop is smaller than timestart value, match this as a single
- time period instead distinct intervals.
+ time period instead of distinct intervals.
diff --git a/Shorewall6/manpages/shorewall6-rules.xml b/Shorewall6/manpages/shorewall6-rules.xml
index c09dd6f9e..a7a01f761 100644
--- a/Shorewall6/manpages/shorewall6-rules.xml
+++ b/Shorewall6/manpages/shorewall6-rules.xml
@@ -1554,7 +1554,7 @@ Added in Shoreawll 5.0.12. When timestop is smaller than timestart value, match this as a single
- time period instead distinct intervals.
+ time period instead of distinct intervals.
diff --git a/docs/configuration_file_basics.xml b/docs/configuration_file_basics.xml
index bb677b5a6..79f49dc75 100644
--- a/docs/configuration_file_basics.xml
+++ b/docs/configuration_file_basics.xml
@@ -782,7 +782,7 @@ DNAT { source=net dest=loc:10.0.0.1 proto=tcp dport=80 mark=88 } ACCEPT net $FW { proto=tcp, dport=22, comment="Accept \"SSH\"" }
- As shown in that example, when the comment contains whitespace, it
+ As shown in that example, when the comment contains whitespace, it
 must be enclosed in double quotes and any embedded double quotes must be escaped using a backslash ("\").
@@ -2800,6 +2800,182 @@ redirect => 137 above.
+
+ TIME Columns + + Several of the files include a TIME colum that allows you to specify + times when the rule is to be applied. Contents of this column is a list of + timeelements separated by apersands + (&). + + Each timeelement is one of the + following: + + + + timestart=hh:mm[:ss] + + + Defines the starting time of day. + + + + + timestop=hh:mm[:ss] + + + Defines the ending time of day. + + + + + contiguous + + + Added in Shoreawll 5.0.12. When timestop is smaller than timestart value, match this as a single time + period instead of distinct intervals. See the Examples below. + + + + + utc + + + Times are expressed in Greenwich Mean Time. + + + + + localtz + + + Deprecated by the Netfilter team in favor of kerneltz. Times are expressed in Local Civil + Time (default). + + + + + kerneltz + + + Added in Shorewall 4.5.2. Times are expressed in Local Kernel + Time (requires iptables 1.4.12 or later). + + + + + weekdays=ddd[,ddd]... + + + where ddd is one of + , , , + , , or + + + + + + monthdays=dd[,dd],... + + + where dd is an ordinal day of the + month + + + + + datestart=yyyy[-mm[-dd[hh[:mm[:ss]]]]] + + + Defines the starting date and time. + + + + + datestop=yyyy[-mm[-dd[hh[:mm[:ss]]]]] + + + Defines the ending date and time. + + + + + Examples: + + + + To match on weekends, use: + + + + + weekdays=Sat,Sun + + + + + Or, to match (once) on a national holiday block: + + + + + datestart=2016-12-24&datestop=2016-12-27 + + + + + Since the stop time is actually inclusive, you would need the + following stop time to not match the first second of the new + day: + + + + + datestart=2016-12-24T17:00&datestop=2016-12-27T23:59:59 + + + + + During Lunch Hour + + + + + + + + The fourth Friday in the month: + + + + + weekdays=Fri&monthdays=22,23,24,25,26,27,28 + + + + + Matching across days might not do what is expected. 
For + instance, + + + + + weekdays=Mon&timestart=23:00&timestop=01:00 + + Will match Monday, for one hour from midnight to 1 a.m., and + then again for another hour from 23:00 onwards. If this is unwanted, + e.g. if you would like 'match for two hours from Montay 23:00 + onwards' you need to also specify the contiguous option in the example above. + + + + +
+
Switches