iptables issue with timestart-timestop due to timezone

Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
#1
Hello everyone,

I found an issue that seems to be caused by iptables, but I wanted to check if it's known and if there are any workarounds.

My timezone is EST, which at the moment is UTC -05:00
I create a Schedule to give access on Wednesday from 18:00 to 20:00 EST.
This translates to Wednesday 23:00 to Thursday 01:00 UTC.

When I apply the Profile to a Device, it gets blocked at 19:00 EST.

The problem seems to be that the timestart and timestop parameters to iptables are translated to UTC, and this breaks the access.

Below is the iptables line created by KeexyBox.
-A FORWARD -m mac --mac-source nn:nn:nn:nn:nn:nn -m time --timestart 23:00:00 --timestop 01:00:00 --weekdays Wed -j 49_FORWARD

When the time is 19:00 EST, I think the following is what iptables interprets:
  • Time is 00:00 UTC
  • The timestart parameter is 23:00:00
  • 00:00 is before the timestart parameter
  • iptables decides that the rule does not apply

I hope this all made sense :-)
Reply
#1
Hello everyone,

I found an issue that seems to be caused by iptables, but I wanted to check if it's known and if there are any workarounds.

My timezone is EST, which at the moment is UTC -05:00
I create a Schedule to give access on Wednesday from 18:00 to 20:00 EST.
This translates to Wednesday 23:00 to Thursday 01:00 UTC.

When I apply the Profile to a Device, it gets blocked at 19:00 EST.

The problem seems to be that the timestart and timestop parameters to iptables are translated to UTC, and this breaks the access.

Below is the iptables line created by KeexyBox.
-A FORWARD -m mac --mac-source nn:nn:nn:nn:nn:nn -m time --timestart 23:00:00 --timestop 01:00:00 --weekdays Wed -j 49_FORWARD

When the time is 19:00 EST, I think the following is what iptables interprets:
  • Time is 00:00 UTC
  • The timestart parameter is 23:00:00
  • 00:00 is before the timestart parameter
  • iptables decides that the rule does not apply

I hope this all made sense :-)
Reply
#2
Well...  There doesn't seem to be a fix for this at the moment.
I did find a workaround, which is to create two schedules in the same profile.

Following the example above of covering Wednesday 18:00 EST to 20:00 EST.
This translates to Wednesday 23:00 UTC to Thursday 01:00 UTC, which is a problem for iptables.
The workaround is to create two schedules in the following way:
- Wednesday 18:00 EST to 19:00 EST which translates to Wednesday 23:00 to Thursday 00:00 UTC
- Wednesday 19:00 EST to 20:00 EST which translates to Thursday 00:00 to Thursday 01:00 UTC

This effectively covers the intended schedule of Wednesday 18:00 to 20:00 EST.

I hope this helps anyone out there with the same issue :-)
Reply
#2
Well...  There doesn't seem to be a fix for this at the moment.
I did find a workaround, which is to create two schedules in the same profile.

Following the example above of covering Wednesday 18:00 EST to 20:00 EST.
This translates to Wednesday 23:00 UTC to Thursday 01:00 UTC, which is a problem for iptables.
The workaround is to create two schedules in the following way:
- Wednesday 18:00 EST to 19:00 EST which translates to Wednesday 23:00 to Thursday 00:00 UTC
- Wednesday 19:00 EST to 20:00 EST which translates to Thursday 00:00 to Thursday 01:00 UTC

This effectively covers the intended schedule of Wednesday 18:00 to 20:00 EST.

I hope this helps anyone out there with the same issue :-)
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)