This document describes how individual firewall rules can be configured for time-controlled activation and deactivation by means of the cron table.
Requirements:
Procedure:
1) The first step is to configure a firewall rule that is to be activated or deactivated depending on the time. A deny-all rule is configured in this example.
2) In the Configuration dialog of the LANCOM router, navigate to the menu Firewall/QOS → Rules and then click on the Rules button.
4) On the General tab, set a Name for this rule (e.g. DENY-ALL). Then go to the Actions tab and access the settings for the action object REJECT.
5) On the Stations tab, select under Connection source the option Connections from all stations and under Connection destination set the option Connections to all stations.
6) On the Services tab, specify that the rule applies for all protocols/source services and all protocols/target services.
7) Then click on the OK button and exit the dialog for configuring the firewall rules.
8) Cron table operations are time dependent, so it is necessary to synchronize the time via the router's NTP client. You can configure an NTP server in the router under Date & Time → Synchronization.
9) Enable the option Synchronize to a time server using NTP at regular intervals and then click on the Time server button.
10) Add any time server from the list. Then close the dialog with OK.
11) The next step is to go to the menu Date & Time → General and enter the following into the Cron table.
12) In this example, the firewall rule named DENY-ALL is automatically enabled at 02:00 AM. Enter the appropriate values under Hours and Minutes. In the Commands field, enter the shell command that enables the firewall rule.
The syntax is: set Setup/IP-Router/Firewall/Rules/DENY-ALL {Firewall-Rule} Yes
13) This rule only applies for new sessions. Existing connections can continue to be used. In order to disconnect these too, we recommend that you program an interruption of your Internet connection. To do this, create another entry in the Cron table as follows:
The syntax in the Commands field is: do /o/m/d <name of Internet remote peer> (e.g. INTERNET)
14) In this example, the firewall rule named DENY-ALL is automatically disabled at 6:00 AM. You will need to add a new entry to the cron table and enter the corresponding time in Hours and Minutes. In the Commands field, enter the shell command that disables the firewall rule.
The syntax is: set Setup/IP-Router/Firewall/Rules/DENY-ALL {Firewall-Rule} No
15) Close all configuration dialogs and write the configuration back to the LANCOM router.
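
The effect of steps 12 to 14 on sessions that are already established, as an added example that is not part of the original LANCOM document: a small Python model of the cron entries that follows the statement in step 13 that the rule only applies to new sessions. The function names, the session times and the 02:01 and 01:55 disconnect times are assumptions made for the illustration (the page gives no time for the disconnect entry), and the model works at one-minute resolution.

```python
ENABLE, DISABLE, DISCONNECT = "enable", "disable", "disconnect"

def hm(text):
    """'02:00' -> minutes since midnight."""
    h, m = text.split(":")
    return int(h) * 60 + int(m)

def deny_windows(cron):
    """Intervals [on, off) during which the deny rule is enabled on one day."""
    windows, on = [], None
    for t, action in sorted(cron):
        if action == ENABLE and on is None:
            on = t
        elif action == DISABLE and on is not None:
            windows.append((on, t))
            on = None
    if on is not None:              # never disabled again that day
        windows.append((on, 24 * 60))
    return windows

def leaked_minutes(cron, start, end):
    """Minutes a session opened at `start` keeps running while the rule is enabled."""
    windows = deny_windows(cron)
    if any(on <= start < off for on, off in windows):
        return 0                    # new session inside the window: rejected
    # An established session survives the rule change; only a disconnect ends it early.
    cuts = [t for t, action in cron if action == DISCONNECT and start < t < end]
    end = min(cuts, default=end)
    return sum(max(0, min(end, off) - max(start, on)) for on, off in windows)

# Constructed schedules. The 02:00 and 06:00 times are the page's; the
# disconnect times are assumptions chosen to show the ordering effect.
RULE_ONLY = [(hm("02:00"), ENABLE), (hm("06:00"), DISABLE)]
WITH_CUT = RULE_ONLY + [(hm("02:01"), DISCONNECT)]
EARLY_CUT = RULE_ONLY + [(hm("01:55"), DISCONNECT)]

if __name__ == "__main__":
    # Constructed session: opened 01:30, the client would keep it until 03:00.
    for label, cron in (("rule only", RULE_ONLY), ("disconnect 02:01", WITH_CUT)):
        print(label, leaked_minutes(cron, hm("01:30"), hm("03:00")))
    # Session re-established at 01:56, right after a disconnect that ran too early.
    print("disconnect 01:55", leaked_minutes(EARLY_CUT, hm("01:56"), hm("03:00")))
```

In this model a disconnect scheduled before the rule is enabled does not help: a session re-established in the gap counts as existing when the rule turns on, so the disconnect entry should run at or after the enable entry.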