Firewall faild to Time restrict of internet access

Mike17 · June 26, 2022, 10:45am

Hi
I use iptables to add a rules to block DNS udp packet as the following

iptables -A parentalctrl -p udp -m udp --dport 53 -m mac --mac-source 84:C7:EA:35:9A:07 -m time --kerneltz --timestart 17:30:00 --timestop 18:30:00 --weekdays Sat  -j ACCEPT

iptables -A parentalctrl -p udp -m udp --dport 53 -m mac --mac-source 84:C7:EA:35:9A:07 -j DROP

But it always doesn't meet the first one rule , so all the package will be drop

I did set the timezone, so i enter date command will get the correct answer / Preformatted text# date Sun Jun 26 18:43:47 CST 2022

`# date
Sun Jun 26 18:43:47 CST 2022`

Is there any setting i miss to set?

thanks

pavelgl · June 26, 2022, 10:59am

Pointing out the obvious, this rule will only work on Saturdays from 17:30 to 18:30.

When did you make the tests?

Mike17 · June 26, 2022, 12:49pm

Hi Pavelgl
I test it on this duration Saturdays，when i add these rule, the package will be drop, i don'tknow whether i set it wrong or i need to change system time?

Mike17 · June 26, 2022, 12:57pm

According to the following OpenWRT URL, how can i verify my setting is correct?

Verify that your router has the correct time and timezone.

pavelgl · June 26, 2022, 1:42pm

Is this for lab purposes, or you really need to implement some parental control rules?
There is a guide for that. Blocking DNS queries to the router itself is not the best approach.

This should make the rule use the local time (what is displayed by the date command) and not UTC.

If you want to investigate the causes of the problem, post the output of the following commands:

iptables -nvL INPUT; iptables -nvL parentalctrl