From owner-freebsd-stable@FreeBSD.ORG Thu Jun 10 12:46:53 2004
From: Don Bowman <don@sandvine.com>
To: 'Paul Mather', khoi@oddworld.com
Cc: freebsd-stable@freebsd.org
Date: Thu, 10 Jun 2004 08:46:37 -0400
Subject: RE: Port scan detection in ipfw2

From: Paul Mather [mailto:paul@gromit.dlib.vt.edu]
> On Thu, 2004-06-10 at 00:11, Khoi Dinh wrote:
>
> > Also, is ipfw2 able to allow/disallow traffic according to time? ie. If I
> > wanted to allow http traffic only from 9am to 1pm, can I do this with
> > ipfw? I've been looking all over the net looking for a solution but
> > haven't found one and was hoping that someone on the list could help me
> > out, even if the answer is "no, there are no such kernel-based features."
>
> I don't believe there are any "kernel-based features" to do the above,
> but a reasonable solution to that problem would be to use two cron
> jobs. One, run at 9am, would insert/remove rules using ipfw to allow
> HTTP traffic. The other, run at 1pm, would insert/remove rules using
> ipfw to deny HTTP traffic. You're probably already using cron to do log
> rotation via newsyslog, so leveraging that tool to rotate ipfw traffic
> policies shouldn't be beyond the pale...
>
> Cheers,
>
> Paul.

There was a patch to ipfw posted last year that gave time to rules.
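The two-cron-job scheme Paul describes, as an added example that is not from this thread: a small sh script that cron runs at 9am and 1pm to insert and delete a single ipfw allow rule for inbound HTTP. The script name (http_window.sh), its path under /usr/local/sbin, rule number 1000 and port 80 are assumptions; DRY_RUN=1 only prints the ipfw commands so the logic can be checked on a host without ipfw.

```shell
#!/bin/sh
# http_window.sh -- open or close an HTTP window in an ipfw2 ruleset.
# Assumes a default-deny ruleset where rule 1000 is otherwise unused,
# so deleting it closes the window; packets of connections already
# open keep passing only if an earlier "established" rule admits them.
IPFW="${IPFW:-/sbin/ipfw}"
RULE_NUM=1000
HTTP_PORT=80

# Run a command, or just print it when DRY_RUN=1 (for testing/review).
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

# 9am job: allow new inbound TCP connections to this host's HTTP port.
open_window() {
    # Drop any stale copy first so repeated runs do not stack duplicates.
    run "$IPFW" delete "$RULE_NUM" 2>/dev/null || true
    run "$IPFW" add "$RULE_NUM" allow tcp from any to me "$HTTP_PORT" in setup
}

# 1pm job: remove the allow rule; the default deny takes over again.
close_window() {
    run "$IPFW" delete "$RULE_NUM"
}

# Root crontab lines that drive the window (paste into `crontab -e`).
crontab_lines() {
    printf '%s\n' "0 9 * * * /usr/local/sbin/http_window.sh open" \
                  "0 13 * * * /usr/local/sbin/http_window.sh close"
}

case "${1:-}" in
    open)    open_window ;;
    close)   close_window ;;
    crontab) crontab_lines ;;
esac
```

Because the rules are static, the close job blocks new connections immediately but does not itself tear down sessions that are already established.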