On Fri, 4 Nov 2011, Fajar Priyanto wrote:

> On Fri, Nov 4, 2011 at 10:15 AM, KevinO <kevin at kevino.org> wrote:
>>> anyways, whatever, yes, you can do it with iptables, but not all off the
>>> shelf firewall script generators will support multiple LAN subnets. I
>>> usually write my own iptables rulesets.
>>>
>> I can say first hand that fwbuilder easily handles managing scripts for multiple
>> subnets and aliased addressing on NIC's. I use separate interface cards for each
>> subnet, however. (5 NIC's, 4 internal subnets, 3 public IP's on the one external
>> facing NIC)
>
> Hi Kevin,
> Expanding my original question.
> I have a need to open and close iptables rules based on particular
> time, say 1 week later, 1 month later, etc.
> Currently I have a simple script to do that:
> - Create the rules.
> - Create atd job to delete the rule based on the defined time.
> - Log it.
> It works, but not elegant :)
>
> Does fwbuilder have that function?

Fwbuilder does indeed have time objects in it, although I have never used them.
The docs at http://fwbuilder.org are pretty extensive and the devs hang out on the
mailing lists and regularly answer questions or provide pointers to the relevant docs.

Hope this helps.

--
Tom me at tdiehl.org
Spamtrap address me123 at tdiehl.org
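
The create / schedule-removal / log procedure from the quoted question, sketched as an added example; it is not code from the thread or from fwbuilder. The function names, the `timed-fw` syslog tag and the dry-run switch are assumptions made for illustration, and the second approach uses the iptables `time` match in place of atd.

```shell
#!/bin/sh
# Added example: temporary iptables rule that is removed by at(1) and logged.
# DRY_RUN=1 (the default) only prints the commands; DRY_RUN=0 needs root.
DRY_RUN="${DRY_RUN:-1}"
LOG_TAG="timed-fw"            # hypothetical syslog tag

# The rule text is later executed by /bin/sh as root from the at job, so
# accept only a conservative character set (no ; | & $ ` quotes or newlines).
valid_rule() {
    case "$1" in
        ''|*[!A-Za-z0-9' '._:/,-]*) return 1 ;;
    esac
    return 0
}

# Text of the at job: delete the rule, then log the removal.
removal_job() {
    printf 'iptables -D %s && logger -t %s "removed: %s"\n' "$1" "$LOG_TAG" "$1"
}

# open_until "<chain and rule spec>" "<at time spec>"
open_until() {
    valid_rule "$1" || { echo "refusing rule: $1" >&2; return 2; }
    if [ "$DRY_RUN" = 1 ]; then
        echo "iptables -I $1"
        echo "at $2: $(removal_job "$1")"
        return 0
    fi
    # $1 and $2 are word-split on purpose; valid_rule limits what $1 contains.
    iptables -I $1 || return 1
    # If the removal cannot be scheduled, do not leave the rule open forever.
    removal_job "$1" | at $2 || { iptables -D $1; return 1; }
    logger -t "$LOG_TAG" "added until '$2': $1"
}

# Alternative without atd: the iptables "time" match stops matching after
# --datestop (interpreted as UTC by default); the rule itself stays loaded.
# self_expiring_rule "<chain and matches>" "<target>" "<YYYY-MM-DDThh:mm:ss>"
self_expiring_rule() {
    valid_rule "$1 $2 $3" || return 2
    echo "iptables -I $1 -m time --datestop $3 -j $2"
}
```

With the atd approach the rule disappears from the ruleset at expiry; with `--datestop` it stays loaded but no longer matches, so it still needs to be cleaned out of the saved ruleset eventually.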