Method and terminal for enabling iptables rule to support local time

Abstract

The invention provides a method and a terminal for enabling an iptables rule to support local time. The method comprises the following steps of: initializing an operating system, and setting time of the operating system and time zone information of the operating system; acquiring the time of the operating system and the time zone information of the operating system in a user mode; configuring thetime zone information of the operating system to a kernel; setting the iptables rule of the firewall, wherein the iptables rule is a rule about expected time control, and the expected time IS set according to a time zone set by the operating system; receiving a message by means of the kernel; converting world unified time UTC in the message into the time in the time zone set by the operating system according to the configured time zone information by means of the kernel; matching the time obtained by conversion with the expected time to obtain a matching result by means of the kernel; and releasing or discarding the message according to the matching result and the iptables rule of the firewall. The method solves many problems in the prior art, greatly simplifies the use difficulty of the iptables firewall based on time control, improves the work efficiency, and reduces the probability of configuration errors.

Description

technical field [0001] The invention relates to the technical field of communication, in particular to a method and a terminal for allowing iptables rules to support local time. Background technique [0002] As a widely used firewall configuration tool on the Linux system, iptables provides a wealth of modules to configure various rules to achieve the filtering goals of various network packets. Its time matching extension module enriches the control means of iptables. It can control the message according to the time information. For example, if you want to control the time period from 9:00 to 10:00, you can not go online, and you can go online normally at other times. You can use The time extension module of iptables is configured with the following rules: iptables-t filter-A OUTPUT-p tcp--dport 80-m time–timestart9:00--timestop 10:00-j DROP, according to common understanding, this rule is in 9: During the time period from 00 to 10:00, the rule should be hit, and the packet...

AI Technical Summary

Problems solved by technology

[0004] 1. Using UTC time does not conform to common habits

[0005] 2. Manual conversion of UTC time is prone to calculation errors

[0006] 3. The time displayed by iptables is inconsistent with the system time, which is not conducive to management and maintenance

[0007] 4. When the converted UTC time spans days, for example, 2:00 to 12:00 Beijing time is converted to UTC time from 18:00 to 4:00 of the previous day. At this time, iptables configuration is more troublesome

[0008] 5. When time is used together with options such as monthdays / weekdays / datestart, there will be cases of crossing days, weeks, and months. The rules and commands of iptables will be extremely complicated, and it is difficult to configure them correctly

Images