I have a little problem with the LEDE 17.01.4 r3560 firewall.
I want to cut off internet access for some MAC addresses at specific times.
I created a file cronfw.sh containing:
```
#!/bin/sh
# Insert rule for forwarding established connection traffic, just before the final rule (reject)
# awk prints the whole rule number; cut -c1 kept only its first digit
new_rule_num=$(iptables -v -L FORWARD --line-numbers | grep reject | awk '{print $1}')
iptables -I FORWARD $new_rule_num -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Delete first rule for forwarding established connection traffic
old_rule_num=$(iptables -v -L FORWARD --line-numbers | grep ESTABLISHED | awk '{print $1}' | sed -n 1p)
iptables -D FORWARD $old_rule_num
```
I installed the file cronfw.sh in /etc/ with scp.
I added this to the scheduled tasks: */5 * * * * * * /etc/cronfw.sh
Then I created my rules.
It works, but not completely:
Internet access is allowed at the right time and cut off at the right time, but current connections are not cut off.
To explain: if a new request is made after the hour, it is cut, but a connection in progress, like a download, streaming or games session, etc., is not cut.
I am forced to restart the firewall in LEDE under System/Startup.