Firewall rule with schedule



  • Hi all,
    I'm now setting up a firewall rule in my office. By default, all network services are denied in LAN. One rule, called rule 1, is created to allow port 80 from any user in LAN, that is:
    Proto = TCP
    Source = *
    Port = *
    Destination = *
    Port = 80
    Gateway = *

    Now, another rule called rule 2 is created to block port 80 during a certain period of time (3:00-4:00) with a schedule set.
    Of course, rule 2 is before rule 1.

    My case is that all users are blocked from using port 80 starting from 3:00. However, the port 80 service cannot be resumed at 4:00 sharp; the port 80 service resumes very late, for instance at 4:30.

    Do you know the reasons behind this? Any solutions to my problem?
    Thank you.



  • I checked it last night; it delayed 15 minutes, that is, the network service (port 80) resumed at 4:15.
    Appreciated if anyone can tell me the way to resume on time without delay.
    Many thanks.



  • When a scheduled rule exists, the following cron job is added:

    0,15,30,45      *       *       *       *       root    /etc/rc.filter_configure_sync
    

    It only runs every 15 minutes, so schedules are actually only checked at 15-minute intervals.
    I think the logic of the routine also "assumes" that 04:00 includes the whole "04:00:00-04:00:59.99" minute. So it does not think the rule should be removed until 04:01. Thus when the cron job runs at 04:00 it leaves the rule in effect. The next time it runs, at 04:15, the rule is removed.
    Change the end time to 03:59 - that will effectively mean right up to 03:59:59.999…
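As an added illustration of the reply above (example code, not the firewall's own rc.filter_configure_sync script), the model below replays one day of cron runs with the two assumptions the reply states: the schedule is only re-evaluated at :00/:15/:30/:45, and the end time matches the whole end minute. It reports when a 03:00-04:00 block actually starts and ends, and also shows that an end time such as 03:50 is only released at the next cron run.

```python
from __future__ import annotations

# Constructed model of the behaviour described in the reply above, not the
# firewall's own code: a scheduled block rule is only (re)applied when the cron
# job fires, and the schedule's end time is treated as the whole end minute.

CRON_MINUTES = (0, 15, 30, 45)   # taken from the cron line: 0,15,30,45 * * * *


def to_minute(hhmm: str) -> int:
    """Convert 'HH:MM' to minutes since midnight."""
    hours, minutes = hhmm.split(":")
    return int(hours) * 60 + int(minutes)


def to_hhmm(minute: int) -> str:
    """Convert minutes since midnight back to 'HH:MM'."""
    return f"{minute // 60:02d}:{minute % 60:02d}"


def schedule_wants_block(start: str, end: str, minute: int) -> bool:
    """Inclusive-minute semantics assumed by the reply: an end of 04:00 still
    matches during 04:00:00-04:00:59, so the rule is only dropped from 04:01."""
    return to_minute(start) <= minute <= to_minute(end)


def effective_block_window(start: str, end: str) -> tuple[str, str]:
    """Replay one day of cron runs; return (actual block start, actual resume)
    as 'HH:MM' strings, i.e. when the rule is really added and really removed."""
    blocked = False
    blocked_at = resumed_at = None
    for minute in range(24 * 60):
        if minute % 60 not in CRON_MINUTES:
            continue                       # nothing is re-evaluated between runs
        wanted = schedule_wants_block(start, end, minute)
        if wanted and not blocked:
            blocked_at = minute            # rule added on this cron run
        elif not wanted and blocked and resumed_at is None:
            resumed_at = minute            # rule removed on this cron run
        blocked = wanted
    return to_hhmm(blocked_at), to_hhmm(resumed_at)


if __name__ == "__main__":
    for start, end in (("03:00", "04:00"), ("03:00", "03:59"), ("03:00", "03:50")):
        print(f"schedule {start}-{end}: effective block {effective_block_window(start, end)}")
```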