On Wed, 5 Apr 2017 22:44:54 +0000 (UTC) Stuart Henderson <s...@spacehopper.org> wrote:
> On 2017-04-05, <bytevolc...@safe-mail.net>
> <bytevolc...@safe-mail.net> wrote:
> > I've been using a trick to emulate scheduled rules using IP
> > tables.
>
> Nice trick. Anchors are also good for this.
>
> But don't forget that active connections won't be dropped unless you
> also flush the relevant states.
>

Anchors do not work with securelevel=2. This trick works in securelevel=2.

As for active connections, the goal here is to prevent new connections being made after closing time. I don't want my connection to close just because it is a few seconds after closing time, especially when I already got in before the ports were closed.

It may be worth closing long-standing connections eventually though. Maybe something like this:

0 18 * * * root /sbin/pfctl -F states