- Create hour ranges for your week in e-smith, including "closing hours", as:
    for day_of_week in 1 2 3 4 5 6; do /sbin/e-smith/db /var/lib/nethserver/db/weekly-hours set $day_of_week timing 1 8:00 2 9:00 3 10:00 4 11:00 5 12:00 close1 13:30 6 14:00 7 15:00 8 16:00 9 17:00 10 18:00 close2 19:00; done
- Define some firewall objects as "iprange" starting with lab_
- Define some firewall rules that match those "iprange" objects as Src
- Place this directory in /usr/share/cockpit of your NethSecurity firewall

and ... enjoy!
Rules may not be applied synchronously, because an inotify trigger fires when the plan is updated. The trigger checks whether it is time to update the firewall rules; in that case, it sleeps 1 minute and then applies the new plan.
When the plan is updated, the script update-plan.py creates systemd timers corresponding to services (ending with '@'), all created in /etc/systemd/system/:
- fwrules-enable: 15 mins before starting hour
- fwrules-disable: 15 mins after ending hour
Services are then invoked with the rules list separated by commas as aliases (e.g. fwrules-enable@2,3,4 to enable rules 2, 3 and 4).
They in turn call the script bin/apply-rules.py [enable|disable] [rules1,..,rulesN]
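The 15-minute offsets described above interact badly with back-to-back slots: the disable timer of one slot would fire after the enable timer of the next. The sketch below is an added example, not the project's update-plan.py; the plan dictionary layout, the reading of each slot as ending where the next timing entry starts, and the merging of nearby windows are all assumptions.

```python
# Added example (not the project's update-plan.py): derive timer times and
# service instance names from a plan. Plan format and slot semantics are assumed.
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample mirroring the weekly-hours "timing" value shown above.
TIMING = ("1 8:00 2 9:00 3 10:00 4 11:00 5 12:00 close1 13:30 "
          "6 14:00 7 15:00 8 16:00 9 17:00 10 18:00 close2 19:00")
MARGIN = timedelta(minutes=15)

def slot_bounds(timing):
    """Map slot name -> (start, end); 'close*' entries only terminate a slot."""
    tok = timing.split()
    entries = [(tok[i], datetime.strptime(tok[i + 1], "%H:%M"))
               for i in range(0, len(tok), 2)]
    return {name: (start, entries[i + 1][1])
            for i, (name, start) in enumerate(entries[:-1])
            if not name.startswith("close")}

def merge_windows(windows):
    """Merge windows whose gap is <= 2*MARGIN, so a disable timer never
    fires at or after the enable timer of the following slot."""
    merged = []
    for start, end in sorted(windows):
        if merged and start - merged[-1][1] <= 2 * MARGIN:
            merged[-1] = (merged[-1][0], max(end, merged[-1][1]))
        else:
            merged.append((start, end))
    return merged

def build_timers(plan, timing=TIMING):
    """plan: {rule_id: {day_of_week: [slot, ...]}} (assumed layout)
    returns {(action, day, 'HH:MM'): 'fwrules-<action>@<ids>'}."""
    bounds = slot_bounds(timing)
    groups = defaultdict(list)
    for rule, days in plan.items():
        for day, slots in days.items():
            windows = merge_windows([bounds[str(s)] for s in slots])
            for start, end in windows:
                groups[("enable", day, (start - MARGIN).strftime("%H:%M"))].append(rule)
                groups[("disable", day, (end + MARGIN).strftime("%H:%M"))].append(rule)
    # Rules sharing the same action and time become one comma-separated instance.
    return {key: "fwrules-%s@%s" % (key[0], ",".join(map(str, sorted(rules))))
            for key, rules in groups.items()}
```

Without the merge step, a rule planned for slots 1 and 2 would be enabled at 08:45 for slot 2 and then disabled at 09:15 by the timer belonging to slot 1.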
yum install python-pip
pip install python-inotify
#1. Add users to a dedicated group (e.g. "docenti")
#2. Copy 99_nethserver_fwrules.sudoers to /etc/sudoers.d/99_nethserver_fwrules (WARNING: remove the ".sudoers" extension)
#Optional: if you want to enable all rules at midnight
#3. Copy nethserver_fwrules.cron to /etc/cron.d/nethserver_fwrules