+- KeexyBox's forum (https://forum.keexybox.org)
+-- Forum: Connection settings (https://forum.keexybox.org/Forum-Connection-settings)
+--- Forum: Profiles (https://forum.keexybox.org/Forum-Profiles)
+--- Thread: iptables issue with timestart-timestop due to timezone (/Thread-iptables-issue-with-timestart-timestop-due-to-timezone)
iptables issue with timestart-timestop due to timezone - rdavila - 01-12-2023
Hello everyone,
I found an issue that seems to be caused by iptables, but I wanted to check if it's known and if there are any workarounds.
My timezone is EST, which at the moment is UTC -05:00
I create a Schedule to give access on Wednesday from 18:00 to 20:00 EST.
This translates to Wednesday 23:00 to Thursday 01:00 UTC.
When I apply the Profile to a Device, it gets blocked at 19:00 EST.
The problem seems to be that the timestart and timestop parameters to iptables are translated to UTC, and this breaks the access.
Below is the iptables line created by KeexyBox.
-A FORWARD -m mac --mac-source nn:nn:nn:nn:nn:nn -m time --timestart 23:00:00 --timestop 01:00:00 --weekdays Wed -j 49_FORWARD
When the time is 19:00 EST, I think the following is what iptables interprets:
- Time is 00:00 UTC
- The timestart parameter is 23:00:00
- 00:00 is before the timestart parameter
- iptables decides that the rule does not apply
I hope this all made sense :-)
RE: iptables issue with timestart-timestop due to timezone - rdavila - 02-05-2023
Well... There doesn't seem to be a fix for this at the moment.
I did find a workaround, which is to create two schedules in the same profile.
Following the example above of covering Wednesday 18:00 EST to 20:00 EST.
This translates to Wednesday 23:00 UTC to Thursday 01:00 UTC, which is a problem for iptables.
The workaround is to create two schedules in the following way:
- Wednesday 18:00 EST to 19:00 EST which translates to Wednesday 23:00 to Thursday 00:00 UTC
- Wednesday 19:00 EST to 20:00 EST which translates to Thursday 00:00 to Thursday 01:00 UTC
This effectively covers the intended schedule of Wednesday 18:00 to 20:00 EST.
I hope this helps anyone out there with the same issue :-)