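1 Ensure that time constraints (start/stop dates, start/stop times and weekdays) are properly rendered as nftables `meta time`, `meta hour` and `meta day` matches.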
5 include("./root/usr/share/firewall4/main.uc", {
6 getenv: function(varname) {
16 -- File uci/helpers.json --
20 -- File uci/firewall.json --
24 ".description": "Check parsing a complete ISO datetime stamp",
25 "name": "Time rule #1",
27 "start_date": "2022-05-30T21:51:23",
31 ".description": "Check parsing a datetime stamp without seconds",
32 "name": "Time rule #2",
34 "start_date": "2022-05-30T21:51",
38 ".description": "Check parsing a datetime stamp without minutes and seconds",
39 "name": "Time rule #3",
41 "start_date": "2022-05-30T21",
45 ".description": "Check parsing a datetime stamp without time",
46 "name": "Time rule #4",
48 "start_date": "2022-05-30",
52 ".description": "Check parsing a datetime stamp without day and time",
53 "name": "Time rule #5",
55 "start_date": "2022-05",
59 ".description": "Check parsing a datetime stamp without month, day and time",
60 "name": "Time rule #6",
67 ".description": "Check parsing a complete timestamp",
68 "name": "Time rule #7",
70 "start_time": "21:51:23",
74 ".description": "Check parsing a timestamp without seconds",
75 "name": "Time rule #8",
77 "start_time": "21:51",
81 ".description": "Check parsing a timestamp without minutes and seconds",
82 "name": "Time rule #9",
89 ".description": "Check emitting datetime ranges",
90 "name": "Time rule #10",
92 "start_date": "2022-05-30T21:51:23",
93 "stop_date": "2022-06-01T23:51:23",
97 ".description": "Check emitting time ranges",
98 "name": "Time rule #11",
100 "start_time": "21:51:23",
101 "stop_time": "23:51:23",
106 ".description": "Check parsing weekdays",
107 "name": "Time rule #12",
109 "weekdays": "Monday tuEsday wed SUN Th",
130 include "/etc/nftables.d/*.nft"
138 type filter hook input priority filter; policy drop;
140 iifname "lo" accept comment "!fw4: Accept traffic from loopback"
142 ct state vmap { established : accept, related : accept } comment "!fw4: Handle inbound flows"
146 type filter hook forward priority filter; policy drop;
148 ct state vmap { established : accept, related : accept } comment "!fw4: Handle forwarded flows"
152 type filter hook output priority filter; policy drop;
154 oifname "lo" accept comment "!fw4: Accept traffic towards loopback"
156 ct state vmap { established : accept, related : accept } comment "!fw4: Handle outbound flows"
157 meta time >= "2022-05-30 21:51:23" counter accept comment "!fw4: Time rule #1"
158 meta time >= "2022-05-30 21:51:00" counter accept comment "!fw4: Time rule #2"
159 meta time >= "2022-05-30 21:00:00" counter accept comment "!fw4: Time rule #3"
160 meta time >= "2022-05-30 00:00:00" counter accept comment "!fw4: Time rule #4"
161 meta time >= "2022-05-01 00:00:00" counter accept comment "!fw4: Time rule #5"
162 meta time >= "2022-01-01 00:00:00" counter accept comment "!fw4: Time rule #6"
163 meta hour >= "21:51:23" counter accept comment "!fw4: Time rule #7"
164 meta hour >= "21:51:00" counter accept comment "!fw4: Time rule #8"
165 meta hour >= "21:00:00" counter accept comment "!fw4: Time rule #9"
166 meta time "2022-05-30 21:51:23"-"2022-06-01 23:51:23" counter accept comment "!fw4: Time rule #10"
167 meta hour "21:51:23"-"23:51:23" counter accept comment "!fw4: Time rule #11"
168 meta day { "Monday", "Tuesday", "Wednesday", "Sunday", "Thursday" } counter accept comment "!fw4: Time rule #12"
172 type filter hook prerouting priority filter; policy accept;
175 chain handle_reject {
176 meta l4proto tcp reject with tcp reset comment "!fw4: Reject TCP traffic"
177 reject with icmpx type port-unreachable comment "!fw4: Reject any other traffic"
186 type nat hook prerouting priority dstnat; policy accept;
190 type nat hook postrouting priority srcnat; policy accept;
195 # Raw rules (notrack)
198 chain raw_prerouting {
199 type filter hook prerouting priority raw; policy accept;
203 type filter hook output priority raw; policy accept;
211 chain mangle_prerouting {
212 type filter hook prerouting priority mangle; policy accept;
215 chain mangle_postrouting {
216 type filter hook postrouting priority mangle; policy accept;
220 type filter hook input priority mangle; policy accept;
223 chain mangle_output {
224 type route hook output priority mangle; policy accept;
227 chain mangle_forward {
228 type filter hook forward priority mangle; policy accept;