WEBVTT

00:02.140 --> 00:09.490
As a sysadmin, you may be asked to control access to a couple of services based upon the day and time.

00:09.760 --> 00:16.960
For example, the company intranet server should only be available from Monday to Friday between eight

00:16.960 --> 00:20.870
a.m. and six p.m. In this lecture,

00:21.040 --> 00:27.700
I'll show you how to filter traffic based on the date and time the packet is received, generated or

00:27.700 --> 00:28.270
routed.

00:29.900 --> 00:38.270
There is the -m time match that is very flexible and has many options like datestart, datestop,

00:38.270 --> 00:43.270
timestart, timestop, monthdays and weekdays.

00:44.450 --> 00:50.720
You can see all options by running iptables -m time --help.

00:57.010 --> 01:01.170
These are all options of the -m time match.

01:02.800 --> 01:08.350
Note that by default, netfilter uses UTC instead of the system time.

01:11.050 --> 01:16.090
On my computer, it's East European time, which means UTC plus two.

01:18.190 --> 01:22.270
So the UTC hour is 14, not 16.

01:24.840 --> 01:28.960
The --kerneltz option makes netfilter

01:28.980 --> 01:33.940
use the system time instead of UTC time, but pay attention.

01:34.140 --> 01:42.090
I've seen different Linux distributions that used only UTC, even though the --kerneltz option was given.

01:42.660 --> 01:46.920
Let's move to a terminal and take a look at some examples.

01:48.650 --> 01:56.720
In the first example, I want to permit SSH traffic only between 10 a.m. and four p.m. on weekdays,

01:56.960 --> 02:04.970
and in the second example, I want to allow access to a specific website only after working hours. We

02:04.970 --> 02:07.220
suppose that this machine is the router.

02:08.860 --> 02:13.510
I'll create a script and write all iptables rules in that script.

02:19.500 --> 02:26.820
First, we flush all chains because we execute the script many times and don't want the rules to be

02:26.820 --> 02:29.460
added each time we execute the script.

02:33.210 --> 02:42.490
We wanted to permit incoming SSH traffic only between 10:00 a.m. and 4:00 p.m. or 16 on weekdays, so

02:42.510 --> 02:50.520
iptables -A INPUT -p tcp --dport 22.

02:51.000 --> 02:59.850
This is SSH traffic, -m time --timestart 10:00

03:00.830 --> 03:08.120
and --timestop 16:00 -j ACCEPT.

03:09.810 --> 03:13.260
Use 24-hour format when writing the time.

03:14.940 --> 03:22.710
And another rule that drops packets if the time is not within that time interval. This is necessary

03:22.710 --> 03:25.290
only if the policy is set to accept.

03:26.570 --> 03:30.780
In fact, it's the same rule, but without the -m time

03:30.810 --> 03:31.220
match.

03:33.800 --> 03:35.000
This is the second rule.

03:40.370 --> 03:42.320
And of course, the target is DROP.

03:45.470 --> 03:53.600
The rule on line number six will drop packages that haven't been accepted by the rule on line five.

03:55.000 --> 03:59.080
I'm saving the script, then make it executable and run it.

04:08.250 --> 04:12.980
From the other Linux host, I'll connect to the firewall using SSH.

04:18.210 --> 04:28.800
And SSH is working, packets are permitted. I'm listing the firewall and we notice that 13 packets

04:28.980 --> 04:34.650
have been accepted by this rule; we are in that time interval.

04:36.990 --> 04:48.710
Look how it used UTC and not East European time, so in fact, it's 14, not 16. To test it properly,

04:48.750 --> 04:52.830
I'll change the time when the rule that accepts the traffic is active.

04:57.450 --> 05:02.610
Let's say that the traffic will be permitted only between three and five a.m.

05:07.440 --> 05:10.920
Three, and timestop is five.

05:12.020 --> 05:17.060
This is a.m. time. I'm saving it and then run it again.

05:21.370 --> 05:28.350
From Linux 2, I try to connect using SSH to Linux 1, and it's not working.

05:29.580 --> 05:34.820
The rule that accepts SSH traffic is not active at this time.

05:45.030 --> 05:49.140
It's active only between three and five UTC.

05:50.490 --> 05:54.050
We notice five dropped packets by the second rule.

05:55.820 --> 06:04.390
Let's move on to the second task. We want to allow access to a specific website, let's say www.youtube.com

06:04.400 --> 06:10.540
only after working hours. This machine is the router, and this is routed traffic and that

06:10.550 --> 06:11.960
means the FORWARD chain.

06:13.590 --> 06:23.340
In the same script, I add a rule to the FORWARD chain that matches HTTPS traffic to www.youtube.com.

06:25.380 --> 06:39.140
iptables -A FORWARD -p tcp --dport 443, this is HTTPS, -d

06:39.180 --> 06:48.360
www.ubuntu.com and now the match related to time: -m time --timestart

06:49.610 --> 07:02.480
18, this means six p.m. UTC, --timestop 8:00 -j ACCEPT and the rule

07:02.480 --> 07:11.960
that drops outgoing traffic to www.youtube.com. This is the traffic that hasn't been accepted by the

07:11.960 --> 07:12.510
first rule.

07:20.260 --> 07:24.280
This is the second rule and it has the DROP target.

07:26.400 --> 07:35.310
If the destination IP address is that of the domain www.youtube.com and time is between 18 and eight,

07:35.520 --> 07:41.040
the packet will be accepted, otherwise it will be dropped by the rule on line 10.

07:42.270 --> 07:45.090
I'm saving the script and running it.

07:51.340 --> 08:02.440
We noticed the rules that accept packages destined to the IP addresses of www.youtube.com between 18

08:02.650 --> 08:10.870
and eight UTC and those that are dropping the traffic to the same domain name or the same IP addresses

08:11.290 --> 08:14.230
if the time is not in that interval.
