Iptables Restricting Access By Time Of The Day

Recently I was asked to control access to couple of services based upon day and time. For example ftp server should be only available from Monday to Friday between 9 AM to 6 PM only. It is true that many services and daemons have in built facility for day and time based access control. For example xinetd offers data and time based access control. Iptables also allows such control via time patch/module. It matches if the packet arrival time/date is within a given range. This is very handy when you want a service to be available only at certain times of day or even certain days.

General syntax:

iptables RULE -m time --timestart TIME --timestop TIME --days DAYS -j ACTION

Where,

  • –timestart TIME : Time start value . Format is 00:00-23:59 (24 hours format)
  • –timestop TIME : Time stop value.
  • –days DAYS : Match only if today is one of the given days. (format: Mon,Tue,Wed,Thu,Fri,Sat,Sun ; default everyday)

An example
Suppose you would like to allow incoming ssh access only available from Monday to Friday between 9 AM to 6. Then you need to use iptables as follows:
Input rule:

iptables -A INPUT -p tcp -s 0/0 --sport 513:65535 -d 202.54.1.20 --dport 22 -m state --state NEW,ESTABLISHED -m time --timestart 09:00 --timestop 18:00 --days Mon,Tue,Wed,Thu,Fri -j ACCEPT

Output rule:

iptables -A OUTPUT -p tcp -s 202.54.1.20 --sport 22 -d 0/0 --dport 513:65535 -m state --state ESTABLISHED -m time --timestart 09:00 --timestop 18:00 --days Mon,Tue,Wed,Thu,Fri -j ACCEPT

References:

  • Please note time module is not part of standard kernel, you need to download and apply patch from Patch-O-Matic
  • Read iptables man page for more information.
🐧 If you liked this page, please support my work on Patreon or with a donation.
🐧 Get the latest tutorials on SysAdmin, Linux/Unix, Open Source & DevOps topics via:
CategoryList of Unix and Linux commands
File Managementcat
FirewallAlpine Awall CentOS 8 OpenSUSE RHEL 8 Ubuntu 16.04 Ubuntu 18.04 Ubuntu 20.04
Network Utilitiesdig host ip nmap
OpenVPNCentOS 7 CentOS 8 Debian 10 Debian 8/9 Ubuntu 18.04 Ubuntu 20.04
Package Managerapk apt
Processes Managementbg chroot cron disown fg jobs killall kill pidof pstree pwdx time
Searchinggrep whereis which
User Informationgroups id lastcomm last lid/libuser-lid logname members users whoami who w
WireGuard VPNAlpine CentOS 8 Debian 10 Firewall Ubuntu 20.04
6 comments… add one
  • Tom Jul 30, 2010 @ 12:21

    Hehe this is amazing what IPTABLES can do 😀
    Thanks for help, I just limited someone access to VPN to workdays only 😉

    in IPtables 1.4.8 there is no option “–days”, just “–weekdays”

  • majo053 Feb 13, 2010 @ 19:35

    —days is worng. Try –weekdays maybe.

  • Emre Y. Nov 14, 2009 @ 17:47

    In the examples, module parameter —days written as -days (with one dash).

  • ranto Jun 11, 2007 @ 6:51

    time option is not working with ubuntu 7.04. The time library is missing , may I have to recompile the whole Kernel ?

    Ranto

  • 🐧 nixCraft Nov 23, 2006 @ 14:48

    flosse,

    Heh no problem.

    Appreciate your post.

  • Flosse Nov 23, 2006 @ 14:09

    Good tips, thanks I linked to it from one of my articles… if you dont mind…

    //flosse

Leave a Reply

Your email address will not be published. Required fields are marked *

Use HTML <pre>...</pre>, <code>...</code> and <kbd>...</kbd> for code samples.