iptable time module following incorrect time

[J. Bakshi]

Hello,

I have the following to block facebook during 9 AM to 6 PM

``````````````
iptables -I FORWARD -p tcp -m multiport --dport 80,443 -d 69.171.224.0/19 -m time \
--timestart 09:00 --timestop 18:00 -j REJECT
`````````````

But the time scheduled is followed incorrectly. The stat time activated at 1 PM and the stop time
at 23 PM. What is the wrong with time module ? The server timezone is set to Asia/Kolkata

Thanks


--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Archive: http://lists.debian.org/20120227113...@shiva.selfip.org

[Bob Proulx]

J. Bakshi wrote:
> I have the following to block facebook during 9 AM to 6 PM
> iptables -I FORWARD -p tcp -m multiport --dport 80,443 -d 69.171.224.0/19 -m time \ --timestart 09:00 --timestop 18:00 -j REJECT
> But the time scheduled is followed incorrectly. The stat time
> activated at 1 PM and the stop time at 23 PM. What is the wrong with
> time module ? The server timezone is set to Asia/Kolkata

Isn't that the difference between you local timezone and UTC? I know
that --localtz is supposed to be the default but it is appearing as if
--utc is set there.

(And isn't your timezone +0530 not +0500 so shouldn't that have been
1:30 and 23:30?
$ TZ=Asia/Kolkata date -R -d 9:00
Mon, 27 Feb 2012 09:00:00 +0530
)

Try setting --localtz explicitly. Or try subtracting your timezone
+0530 from the timestart and timestop options with --timestart 03:30
--timestop 12:30. Or try setting the times in UTC.

Bob

[Dom]

On 27/02/12 06:07, J. Bakshi wrote:
>
> Hello,
>
> I have the following to block facebook during 9 AM to 6 PM
>
> ``````````````
> iptables -I FORWARD -p tcp -m multiport --dport 80,443 -d 69.171.224.0/19 -m time \
> --timestart 09:00 --timestop 18:00 -j REJECT
> `````````````
>
> But the time scheduled is followed incorrectly. The stat time activated at 1 PM and the stop time
> at 23 PM. What is the wrong with time module ? The server timezone is set to Asia/Kolkata
>
> Thanks
>
>

From man iptables:

"All times are interpreted as UTC by default."

--
Dom

--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org

Archive: http://lists.debian.org/4F4B3EF2...@rpdom.net

[Bob Proulx]

Dom wrote:
> From man iptables:
>
> "All times are interpreted as UTC by default."

Aha! This is a change beween Squeeze and Wheezy.
The Squeeze version says:

--localtz
Interpret the times given for --datestart, --datestop,
--timestart and --timestop to be local kernel
time. (Default)

But the Wheezy/Sid version does say utc as you indicate. And the
--utc and --localtz options have been removed. So this is a behavior
change between the Squeeze and Wheezy.

Bob

[J. Bakshi]

Many many thanks to all of you for pointing out the issue.
When I look into squeeze I get " --localtz"
BUT
in wheezy I get " --kerneltz"

In wheezy it also warns that

`````````````````````
The caveat with the kernel timezone is that Linux distributions may ignore to set the kernel timezone,
and instead only set the system time. Even if a particular distribution does set the timezone at boot, it
is usually does not keep the kernel timezone offset - which is what changes on DST - up to date.
ntpd will not touch the kernel timezone, so running it will not resolve the issue. As such, one may encounter a
timezone that is always +0000, or one that is wrong half of the time of the year.
As such, using --kerneltz is highly discouraged.

`````````````````

So I am continuing with UTC , once again thanks to all of you.

--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org

Archive: http://lists.debian.org/20120227144...@shiva.selfip.org