From owner-freebsd-stable@FreeBSD.ORG  Thu Jun 10 12:40:15 2004
Return-Path: <owner-freebsd-stable@FreeBSD.ORG>
Delivered-To: freebsd-stable@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 96F0616A4D0
	for <freebsd-stable@freebsd.org>;
	Thu, 10 Jun 2004 12:40:15 +0000 (GMT)
Received: from gromit.dlib.vt.edu (gromit.dlib.vt.edu [128.173.49.29])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 4EE1443D31
	for <freebsd-stable@freebsd.org>;
	Thu, 10 Jun 2004 12:40:15 +0000 (GMT)
	(envelope-from paul@gromit.dlib.vt.edu)
Received: from hawkwind.Chelsea-Ct.Org
	(pool-141-152-69-55.roa.east.verizon.net [141.152.69.55])
	by gromit.dlib.vt.edu (8.12.11/8.12.11) with ESMTP id i5ACe0OE066071
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK);
	Thu, 10 Jun 2004 08:40:02 -0400 (EDT)
	(envelope-from paul@gromit.dlib.vt.edu)
Received: from [192.168.1.25] (zappa.Chelsea-Ct.Org [192.168.1.25])
	i5ACdsUn020586;	Thu, 10 Jun 2004 08:39:55 -0400 (EDT)
From: Paul Mather <paul@gromit.dlib.vt.edu>
To: khoi@oddworld.com
In-Reply-To: <HZ2RNN00.Q1Y@luskan.oddworld.com>
References: <HZ2RNN00.Q1Y@luskan.oddworld.com>
Content-Type: text/plain
Message-Id: <1086871193.9393.8.camel@zappa.Chelsea-Ct.Org>
Mime-Version: 1.0
X-Mailer: Ximian Evolution 1.4.6 
Date: Thu, 10 Jun 2004 08:39:54 -0400
Content-Transfer-Encoding: 7bit
cc: freebsd-stable@freebsd.org
Subject: Re: Port scan detection in ipfw2
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Production branch of FreeBSD source code
	<freebsd-stable.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
	<mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
	<mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 10 Jun 2004 12:40:15 -0000

On Thu, 2004-06-10 at 00:11, Khoi Dinh wrote:

> Also, is ipfw2 able to allow/disallow traffic according to
> time? ie. If I wanted to allow http traffic only from 9am to 1pm, can I do
> this with ipfw?  I've been looking all over the net looking for a solution
> but haven't found one and was hoping that someone on the list could help me
> out, even if the answer is "no, there are no such kernel-based features."

I don't believe there are any "kernel-based features" to do the above,
but a reasonable solution to that problem would be to use two cron
jobs.  One, run at 9am, would insert/remove rules using ipfw to allow
HTTP traffic.  The other, run at 1pm, would insert/remove rules using
ipfw to deny HTTP traffic.  You're probably already using cron to do log
rotation via newsyslog, so leveraging that tool to rotate ipfw traffic
policies shouldn't be beyond the pale...

Cheers,

Paul.
-- 
e-mail: paul@gromit.dlib.vt.edu

"Without music to decorate it, time is just a bunch of boring production
 deadlines or dates by which bills must be paid."
        --- Frank Vincent Zappa