diff --git a/Shorewall/Perl/Shorewall/Tc.pm b/Shorewall/Perl/Shorewall/Tc.pm index 5662ecb38..ebfe3933c 100644 --- a/Shorewall/Perl/Shorewall/Tc.pm +++ b/Shorewall/Perl/Shorewall/Tc.pm @@ -174,8 +174,8 @@ sub initialize( $ ) { # # Process a rule from the tcrules or mangle file # -sub process_mangle_rule1( $$$$$$$$$$$$$$$$$ ) { - our ( $file, $action, $source, $dest, $proto, $ports, $sports, $user, $testval, $length, $tos , $connbytes, $helper, $headers, $probability , $dscp , $state ) = @_; +sub process_mangle_rule1( $$$$$$$$$$$$$$$$$$ ) { + our ( $file, $action, $source, $dest, $proto, $ports, $sports, $user, $testval, $length, $tos , $connbytes, $helper, $headers, $probability , $dscp , $state, $time ) = @_; use constant { PREROUTING => 1, #Actually tcpre @@ -798,6 +798,7 @@ sub process_mangle_rule1( $$$$$$$$$$$$$$$$$ ) { do_probability( $probability ) . do_dscp( $dscp ) . state_match( $state ) . + do_time( $time ) . $raw_matches , $source , $dest , @@ -986,7 +987,9 @@ sub process_tc_rule1( $$$$$$$$$$$$$$$$ ) { $headers, $probability, $dscp, - $state ); + $state, + '-', + ); } } @@ -1046,9 +1049,9 @@ sub process_tc_rule( ) { } sub process_mangle_rule( ) { - my ( $originalmark, $source, $dest, $protos, $ports, $sports, $user, $testval, $length, $tos , $connbytes, $helper, $headers, $probability , $dscp , $state ); + my ( $originalmark, $source, $dest, $protos, $ports, $sports, $user, $testval, $length, $tos , $connbytes, $helper, $headers, $probability , $dscp , $state, $time ); if ( $family == F_IPV4 ) { - ( $originalmark, $source, $dest, $protos, $ports, $sports, $user, $testval, $length, $tos , $connbytes, $helper, $probability, $dscp, $state ) = + ( $originalmark, $source, $dest, $protos, $ports, $sports, $user, $testval, $length, $tos , $connbytes, $helper, $probability, $dscp, $state, $time ) = split_line2( 'tcrules file', { mark => 0, action => 0, @@ -1065,7 +1068,9 @@ sub process_mangle_rule( ) { helper => 11, probability => 12 , scp => 13, - state => 14 }, + state => 14, + time => 15, + }, {}, 15, 1 ); @@ -1089,14 +1094,16 @@ sub process_mangle_rule( ) { headers => 12, probability => 13, dscp => 14, - state => 15 }, + state => 15, + time => 16, + }, {}, 16, 1 ); } for my $proto (split_list( $protos, 'Protocol' ) ) { - process_mangle_rule1( 'Mangle', $originalmark, $source, $dest, $proto, $ports, $sports, $user, $testval, $length, $tos , $connbytes, $helper, $headers, $probability , $dscp , $state ); + process_mangle_rule1( 'Mangle', $originalmark, $source, $dest, $proto, $ports, $sports, $user, $testval, $length, $tos , $connbytes, $helper, $headers, $probability , $dscp , $state, $time ); } } diff --git a/Shorewall/manpages/shorewall-mangle.xml b/Shorewall/manpages/shorewall-mangle.xml index b4cd5ba13..c2bfed664 100644 --- a/Shorewall/manpages/shorewall-mangle.xml +++ b/Shorewall/manpages/shorewall-mangle.xml @@ -1109,6 +1109,104 @@ Normal-Service => 0x00 of the listed states. + + + TIME - + timeelement[&timeelement...] + + + Added in Shorewall 4.6.2. + + May be used to limit the rule to a particular time period each + day, to particular days of the week or month, or to a range defined + by dates and times. Requires time match support in your kernel and + ip6tables. + + timeelement may be: + + + + timestart=hh:mm[:ss] + + + Defines the starting time of day. + + + + + timestop=hh:mm[:ss] + + + Defines the ending time of day. + + + + + utc + + + Times are expressed in Greenwich Mean Time. + + + + + localtz + + + Deprecated by the Netfilter team in favor of kerneltz. Times are expressed in Local + Civil Time (default). + + + + + kerneltz + + + Added in Shorewall 4.5.2. Times are expressed in Local + Kernel Time (requires iptables 1.4.12 or later). + + + + + weekdays=ddd[,ddd]... + + + where ddd is one of + , , + , , + , or + + + + + + monthdays=dd[,dd],... + + + where dd is an ordinal day of + the month + + + + + datestart=yyyy[-mm[-dd[hh[:mm[:ss]]]]] + + + Defines the starting date and time. + + + + + datestop=yyyy[-mm[-dd[hh[:mm[:ss]]]]] + + + Defines the ending date and time. + + + + + diff --git a/Shorewall6/manpages/shorewall6-mangle.xml b/Shorewall6/manpages/shorewall6-mangle.xml index 9772d079f..b10c01936 100644 --- a/Shorewall6/manpages/shorewall6-mangle.xml +++ b/Shorewall6/manpages/shorewall6-mangle.xml @@ -1194,6 +1194,104 @@ Normal-Service => 0x00 of the listed states. + + + TIME - + timeelement[&timeelement...] + + + Added in Shorewall 4.6.2. + + May be used to limit the rule to a particular time period each + day, to particular days of the week or month, or to a range defined + by dates and times. Requires time match support in your kernel and + ip6tables. + + timeelement may be: + + + + timestart=hh:mm[:ss] + + + Defines the starting time of day. + + + + + timestop=hh:mm[:ss] + + + Defines the ending time of day. + + + + + utc + + + Times are expressed in Greenwich Mean Time. + + + + + localtz + + + Deprecated by the Netfilter team in favor of kerneltz. Times are expressed in Local + Civil Time (default). + + + + + kerneltz + + + Added in Shorewall 4.5.2. Times are expressed in Local + Kernel Time (requires iptables 1.4.12 or later). + + + + + weekdays=ddd[,ddd]... + + + where ddd is one of + , , + , , + , or + + + + + + monthdays=dd[,dd],... + + + where dd is an ordinal day of + the month + + + + + datestart=yyyy[-mm[-dd[hh[:mm[:ss]]]]] + + + Defines the starting date and time. + + + + + datestop=yyyy[-mm[-dd[hh[:mm[:ss]]]]] + + + Defines the ending date and time. + + + + +