Iptables Restricting Access By Time Of The Day

Recently I was asked to control access to a couple of services based on day and time. For example, an FTP server should be available only from Monday to Friday between 9 AM and 6 PM. Many services and daemons have a built-in facility for day- and time-based access control; xinetd, for example, offers date- and time-based access control. Iptables also allows such control via the time patch/module, which matches if the packet arrival time/date is within a given range. This is very handy when you want a service to be available only at certain times of day or only on certain days.

General syntax:

iptables RULE -m time --timestart TIME --timestop TIME --days DAYS -j ACTION

Where,

  • --timestart TIME : Time start value. Format is 00:00-23:59 (24-hour format)
  • --timestop TIME : Time stop value.
  • --days DAYS : Match only if today is one of the given days. (format: Mon,Tue,Wed,Thu,Fri,Sat,Sun ; default everyday)

An example
Suppose you would like to allow incoming ssh access only from Monday to Friday between 9 AM and 6 PM. Then you need to use iptables as follows:
Input rule:

iptables -A INPUT -p tcp -s 0/0 --sport 513:65535 -d 202.54.1.20 --dport 22 -m state --state NEW,ESTABLISHED -m time --timestart 09:00 --timestop 18:00 --days Mon,Tue,Wed,Thu,Fri -j ACCEPT

Output rule:

iptables -A OUTPUT -p tcp -s 202.54.1.20 --sport 22 -d 0/0 --dport 513:65535 -m state --state ESTABLISHED -m time --timestart 09:00 --timestop 18:00 --days Mon,Tue,Wed,Thu,Fri -j ACCEPT
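
Readers in the comments report that iptables 1.4.8 accepts --weekdays where the patch described here used --days. The script below is an added example, not part of the original article: it reads the time match help text to pick the option the local build supports and prints the two SSH rules above without applying them. The function names and the sample help text are constructed for illustration.

```shell
#!/bin/sh
# Added example: print the article's SSH rule pair with the weekday option
# that the local iptables time match actually supports. Nothing is applied.

# Constructed sample of `iptables -m time --help` output from a newer build;
# used only when iptables is not installed, so the script still runs offline.
SAMPLE_HELP='time match options:
    --timestart time     Start and stop daytime (hh:mm[:ss])
    --timestop time      (between 00:00:00 and 23:59:59)
[!] --weekdays value     List of weekdays on which to match, sep. by comma'

# day_option HELP_TEXT: print --weekdays or --days; fail if neither is offered.
day_option() {
    case "$1" in
        *--weekdays*) printf '%s\n' "--weekdays" ;;
        *--days*)     printf '%s\n' "--days" ;;
        *)            return 1 ;;
    esac
}

# valid_hhmm TIME: succeed only for 00:00 through 23:59 (24-hour format).
valid_hhmm() {
    case "$1" in
        [01][0-9]:[0-5][0-9]|2[0-3]:[0-5][0-9]) return 0 ;;
        *) return 1 ;;
    esac
}

# ssh_rules HELP_TEXT SERVER_IP START STOP DAYS: print INPUT and OUTPUT rules.
ssh_rules() {
    opt=$(day_option "$1") || { echo "time match has no day option" >&2; return 1; }
    valid_hhmm "$3" && valid_hhmm "$4" || { echo "time must be HH:MM" >&2; return 1; }
    tm="-m time --timestart $3 --timestop $4 $opt $5"
    echo "iptables -A INPUT -p tcp -s 0/0 --sport 513:65535 -d $2 --dport 22 -m state --state NEW,ESTABLISHED $tm -j ACCEPT"
    echo "iptables -A OUTPUT -p tcp -s $2 --sport 22 -d 0/0 --dport 513:65535 -m state --state ESTABLISHED $tm -j ACCEPT"
}

# Ask the installed iptables for its time match help; fall back to the sample.
help_text=$(iptables -m time --help 2>/dev/null || true)
[ -n "$help_text" ] || help_text=$SAMPLE_HELP
ssh_rules "$help_text" 202.54.1.20 09:00 18:00 Mon,Tue,Wed,Thu,Fri ||
    echo "no usable time match found; rules not generated" >&2
```

On current iptables the time match compares against UTC unless --kerneltz is given (see the iptables-extensions man page), so check the window against the server's clock before relying on it.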

References:

  • Please note that the time module is not part of the standard kernel; you need to download and apply the patch from Patch-O-Matic.
  • Read iptables man page for more information.

๐Ÿง Get the latest tutorials on Linux, Open Source & DevOps via RSS feed or Weekly email newsletter.

๐Ÿง 6 comments so far... add one
CategoryList of Unix and Linux commands
Disk space analyzersncdu pydf
File Managementcat
FirewallAlpine Awall CentOS 8 OpenSUSE RHEL 8 Ubuntu 16.04 Ubuntu 18.04 Ubuntu 20.04
Network UtilitiesNetHogs dig host ip nmap
OpenVPNCentOS 7 CentOS 8 Debian 10 Debian 8/9 Ubuntu 18.04 Ubuntu 20.04
Package Managerapk apt
Processes Managementbg chroot cron disown fg jobs killall kill pidof pstree pwdx time
Searchinggrep whereis which
User Informationgroups id lastcomm last lid/libuser-lid logname members users whoami who w
WireGuard VPNAlpine CentOS 8 Debian 10 Firewall Ubuntu 20.04
6 comments
  • Flosse Nov 23, 2006 @ 14:09

    Good tips, thanks. I linked to it from one of my articles… if you don't mind…

    //flosse

  • ๐Ÿง nixCraft Nov 23, 2006 @ 14:48

    flosse,

    Heh no problem.

    Appreciate your post.

  • ranto Jun 11, 2007 @ 6:51

    The time option is not working with Ubuntu 7.04. The time library is missing; may I have to recompile the whole kernel?

    Ranto

  • Emre Y. Nov 14, 2009 @ 17:47

    In the examples, module parameter --days is written as -days (with one dash).

  • majo053 Feb 13, 2010 @ 19:35

    รขโ‚ฌโ€days is worng. Try –weekdays maybe.

  • Tom Jul 30, 2010 @ 12:21

    Hehe this is amazing what IPTABLES can do 😀
    Thanks for help, I just limited someone access to VPN to workdays only 😉

    In IPtables 1.4.8 there is no option “--days”, just “--weekdays”
