The nftables documentation about the match concept is too weak.
I want to accept all traffic from IP x.w.y.z with port 80 only between two dates and times, for example:
start: 2024/01/12 22:55
end: 2024/01/15 17:30
How can I do this with nftables?
It is possible to match a packet based on date and time since kernel 5.4 (the kernel commit was in 2019).
It is done like this:

    nft insert rule inet filter input handle XX ip saddr x.x.x.x tcp dport 80 \
        time \> \"2024-01-12 22:55\" \
        time \< \"2024-01-15 17:30\" counter log prefix \"[nft time rule] \" accept

You may find taking care of such rules easier by placing them in a dedicated chain like so:

    chain maintenance_time {
        meta time < "2024-01-12 22:55:00" counter drop comment "too early"
        meta time > "2024-01-15 17:30:00" counter drop comment "too late"
        counter accept
    }

    chain input {
        ip saddr x.x.x.x tcp dport 80 counter jump maintenance_time
        ip saddr z.z.z.z tcp dport 443 counter jump maintenance_time
    }

I found the information and links here useful: How do you filter packets differently based on time of day in nftables?
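
Added example, not part of the answer above: a shell helper that converts the window from the question into Unix epoch seconds and prints the rule in the form read by `nft -f -`, so the window does not depend on the timezone of the host that loads it, and that refuses an empty or unparsable window. It assumes GNU `date`, that nft accepts epoch seconds for `meta time` (its man page lists the type as integer or string), an existing `inet filter input` chain as in the answer, and 192.0.2.10 as a constructed source address; the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: build a time-boxed accept rule from explicit epoch values.

# to_epoch "YYYY-MM-DD HH:MM" [TZ] -> Unix seconds.
# The timezone is passed explicitly (default UTC) instead of being inherited
# from whatever host happens to load the ruleset. Requires GNU date (-d).
to_epoch() {
    TZ="${2:-UTC}" date -d "$1" +%s
}

# time_window_rule SRC PORT START END [TZ]
# Prints one line suitable for `nft -f -`.
# Returns non-zero if a date cannot be parsed or the window is empty.
time_window_rule() {
    local src=$1 port=$2 start end
    start=$(to_epoch "$3" "${5:-UTC}") || return 1
    end=$(to_epoch "$4" "${5:-UTC}") || return 1
    if [ "$start" -ge "$end" ]; then
        # A reversed window never matches, so the rule would silently
        # do nothing; fail loudly instead.
        echo "empty window: start must be before end" >&2
        return 1
    fi
    printf 'add rule inet filter input ip saddr %s tcp dport %s meta time > %s meta time < %s counter accept\n' \
        "$src" "$port" "$start" "$end"
}

# Constructed sample input: the window from the question, read as UTC.
# Pipe the output to `nft -c -f -` to check it, or `nft -f -` to load it.
time_window_rule 192.0.2.10 80 "2024-01-12 22:55" "2024-01-15 17:30" UTC
```

Because the output is fed to nft on stdin rather than passed as shell arguments, the `>` and `<` operators need no backslash escaping.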