On 11/03/2011 08:03 PM, Fajar Priyanto wrote:
On Fri, Nov 4, 2011 at 10:15 AM, KevinO kevin@kevino.org wrote:
Anyways, whatever, yes, you can do it with iptables, but not all off-the-shelf firewall script generators will support multiple LAN subnets. I usually write my own iptables rulesets.
I can say first hand that fwbuilder easily handles managing scripts for multiple subnets and aliased addressing on NICs. I use separate interface cards for each subnet, however. (5 NICs, 4 internal subnets, 3 public IPs on the one external-facing NIC)
Hi Kevin, Expanding my original question. I have a need to open and close iptables rules based on a particular time, say 1 week later, 1 month later, etc. Currently I have a simple script to do that:
- Create the rules.
- Create an atd job to delete the rule based on the defined time.
- Log it.
It works, but not elegant :)
Does fwbuilder have that function?
I'm not sure, and I don't have time to fire it up and check right now. I don't have the latest version, anyway. I think there is an extensive manual on the project's website and that will give you all of the details.
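
The three-step procedure described in the thread (create the rule, queue an atd job that deletes it, log it), as an added example that is not part of the original messages and not fwbuilder output. The function names, the `timed-fw` tag and the sample address are assumptions; the script defaults to a dry run that only prints the commands.

```shell
#!/bin/sh
# Added example (not from the thread): open a TCP port for one source now,
# queue its removal with at(1), and log both events via logger(1).
# DRY_RUN=1 (default) only prints the commands; DRY_RUN=0 needs root and atd.
DRY_RUN="${DRY_RUN:-1}"
LOG_TAG="timed-fw"   # assumed syslog tag, also used as the rule comment

# Arguments end up inside the queued at job, so allow only safe characters.
valid_args() {   # args: source-cidr port at-timespec
    when_chars=$(printf '%s' "$3" | tr -d ' ')
    case "$1" in ''|*[!0-9./]*) return 1 ;; esac
    case "$2" in ''|*[!0-9]*) return 1 ;; esac
    case "$when_chars" in ''|*[!a-z0-9+:]*) return 1 ;; esac
    [ "$2" -ge 1 ] && [ "$2" -le 65535 ]
}

# One rule spec for both -A and -D, so the delete matches the rule exactly.
rule_spec() {    # args: source-cidr port
    printf '%s' "INPUT -s $1 -p tcp --dport $2 -m comment --comment $LOG_TAG -j ACCEPT"
}

open_until() {   # args: source-cidr port at-timespec (e.g. "now + 1 week")
    src=$1; port=$2; when=$3
    valid_args "$src" "$port" "$when" || { echo "invalid arguments" >&2; return 2; }
    spec=$(rule_spec "$src" "$port")
    del_cmd="iptables -D $spec && logger -t $LOG_TAG 'closed $src tcp/$port'"
    if [ "$DRY_RUN" = 1 ]; then
        printf 'add: iptables -A %s\nat %s: %s\n' "$spec" "$when" "$del_cmd"
        return 0
    fi
    # $spec and $when are split into words on purpose; both were validated.
    iptables -A $spec || return 1
    # If the removal cannot be queued, take the rule out again rather than
    # leaving it open with no expiry.
    if ! printf '%s\n' "$del_cmd" | at $when; then
        iptables -D $spec
        return 1
    fi
    logger -t "$LOG_TAG" "opened $src tcp/$port until $when"
}

# Constructed sample: documentation address 192.0.2.10, SSH, one week.
open_until 192.0.2.10/32 22 "now + 1 week"
```

Pending removals can be reviewed with `atq`, and the comment match makes the temporary rules easy to spot in `iptables -S` output.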