diff --git a/Shorewall/Perl/Shorewall/Tc.pm b/Shorewall/Perl/Shorewall/Tc.pm
index 5662ecb38..ebfe3933c 100644
--- a/Shorewall/Perl/Shorewall/Tc.pm
+++ b/Shorewall/Perl/Shorewall/Tc.pm
@@ -174,8 +174,8 @@ sub initialize( $ ) {
#
# Process a rule from the tcrules or mangle file
#
-sub process_mangle_rule1( $$$$$$$$$$$$$$$$$ ) {
- our ( $file, $action, $source, $dest, $proto, $ports, $sports, $user, $testval, $length, $tos , $connbytes, $helper, $headers, $probability , $dscp , $state ) = @_;
+sub process_mangle_rule1( $$$$$$$$$$$$$$$$$$ ) {
+ our ( $file, $action, $source, $dest, $proto, $ports, $sports, $user, $testval, $length, $tos , $connbytes, $helper, $headers, $probability , $dscp , $state, $time ) = @_;
use constant {
PREROUTING => 1, #Actually tcpre
@@ -798,6 +798,7 @@ sub process_mangle_rule1( $$$$$$$$$$$$$$$$$ ) {
do_probability( $probability ) .
do_dscp( $dscp ) .
state_match( $state ) .
+ do_time( $time ) .
$raw_matches ,
$source ,
$dest ,
@@ -986,7 +987,9 @@ sub process_tc_rule1( $$$$$$$$$$$$$$$$ ) {
$headers,
$probability,
$dscp,
- $state );
+ $state,
+ '-',
+ );
}
}
@@ -1046,9 +1049,9 @@ sub process_tc_rule( ) {
}
sub process_mangle_rule( ) {
- my ( $originalmark, $source, $dest, $protos, $ports, $sports, $user, $testval, $length, $tos , $connbytes, $helper, $headers, $probability , $dscp , $state );
+ my ( $originalmark, $source, $dest, $protos, $ports, $sports, $user, $testval, $length, $tos , $connbytes, $helper, $headers, $probability , $dscp , $state, $time );
if ( $family == F_IPV4 ) {
- ( $originalmark, $source, $dest, $protos, $ports, $sports, $user, $testval, $length, $tos , $connbytes, $helper, $probability, $dscp, $state ) =
+ ( $originalmark, $source, $dest, $protos, $ports, $sports, $user, $testval, $length, $tos , $connbytes, $helper, $probability, $dscp, $state, $time ) =
split_line2( 'tcrules file',
{ mark => 0,
action => 0,
@@ -1065,7 +1068,9 @@ sub process_mangle_rule( ) {
helper => 11,
probability => 12 ,
scp => 13,
- state => 14 },
+ state => 14,
+ time => 15,
+ },
{},
15,
1 );
@@ -1089,14 +1094,16 @@ sub process_mangle_rule( ) {
headers => 12,
probability => 13,
dscp => 14,
- state => 15 },
+ state => 15,
+ time => 16,
+ },
{},
16,
1 );
}
for my $proto (split_list( $protos, 'Protocol' ) ) {
- process_mangle_rule1( 'Mangle', $originalmark, $source, $dest, $proto, $ports, $sports, $user, $testval, $length, $tos , $connbytes, $helper, $headers, $probability , $dscp , $state );
+ process_mangle_rule1( 'Mangle', $originalmark, $source, $dest, $proto, $ports, $sports, $user, $testval, $length, $tos , $connbytes, $helper, $headers, $probability , $dscp , $state, $time );
}
}
diff --git a/Shorewall/manpages/shorewall-mangle.xml b/Shorewall/manpages/shorewall-mangle.xml
index b4cd5ba13..c2bfed664 100644
--- a/Shorewall/manpages/shorewall-mangle.xml
+++ b/Shorewall/manpages/shorewall-mangle.xml
@@ -1109,6 +1109,104 @@ Normal-Service => 0x00
of the listed states.
+
+
+ TIME -
+ timeelement[&timeelement...]
+
+
+ Added in Shorewall 4.6.2.
+
+ May be used to limit the rule to a particular time period each
+ day, to particular days of the week or month, or to a range defined
+ by dates and times. Requires time match support in your kernel and
+ ip6tables.
+
+ timeelement may be:
+
+
+
+ timestart=hh:mm[:ss]
+
+
+ Defines the starting time of day.
+
+
+
+
+ timestop=hh:mm[:ss]
+
+
+ Defines the ending time of day.
+
+
+
+
+ utc
+
+
+ Times are expressed in Greenwich Mean Time.
+
+
+
+
+ localtz
+
+
+ Deprecated by the Netfilter team in favor of kerneltz. Times are expressed in Local
+ Civil Time (default).
+
+
+
+
+ kerneltz
+
+
+ Added in Shorewall 4.5.2. Times are expressed in Local
+ Kernel Time (requires iptables 1.4.12 or later).
+
+
+
+
+ weekdays=ddd[,ddd]...
+
+
+ where ddd is one of
+ , ,
+ , ,
+ , or
+
+
+
+
+
+ monthdays=dd[,dd],...
+
+
+ where dd is an ordinal day of
+ the month
+
+
+
+
+ datestart=yyyy[-mm[-dd[hh[:mm[:ss]]]]]
+
+
+ Defines the starting date and time.
+
+
+
+
+ datestop=yyyy[-mm[-dd[hh[:mm[:ss]]]]]
+
+
+ Defines the ending date and time.
+
+
+
+
+
diff --git a/Shorewall6/manpages/shorewall6-mangle.xml b/Shorewall6/manpages/shorewall6-mangle.xml
index 9772d079f..b10c01936 100644
--- a/Shorewall6/manpages/shorewall6-mangle.xml
+++ b/Shorewall6/manpages/shorewall6-mangle.xml
@@ -1194,6 +1194,104 @@ Normal-Service => 0x00
of the listed states.
+
+
+ TIME -
+ timeelement[&timeelement...]
+
+
+ Added in Shorewall 4.6.2.
+
+ May be used to limit the rule to a particular time period each
+ day, to particular days of the week or month, or to a range defined
+ by dates and times. Requires time match support in your kernel and
+ ip6tables.
+
+ timeelement may be:
+
+
+
+ timestart=hh:mm[:ss]
+
+
+ Defines the starting time of day.
+
+
+
+
+ timestop=hh:mm[:ss]
+
+
+ Defines the ending time of day.
+
+
+
+
+ utc
+
+
+ Times are expressed in Greenwich Mean Time.
+
+
+
+
+ localtz
+
+
+ Deprecated by the Netfilter team in favor of kerneltz. Times are expressed in Local
+ Civil Time (default).
+
+
+
+
+ kerneltz
+
+
+ Added in Shorewall 4.5.2. Times are expressed in Local
+ Kernel Time (requires iptables 1.4.12 or later).
+
+
+
+
+ weekdays=ddd[,ddd]...
+
+
+ where ddd is one of
+ , ,
+ , ,
+ , or
+
+
+
+
+
+ monthdays=dd[,dd],...
+
+
+ where dd is an ordinal day of
+ the month
+
+
+
+
+ datestart=yyyy[-mm[-dd[hh[:mm[:ss]]]]]
+
+
+ Defines the starting date and time.
+
+
+
+
+ datestop=yyyy[-mm[-dd[hh[:mm[:ss]]]]]
+
+
+ Defines the ending date and time.
+
+
+
+
+