What's new

Is blacklist enabled 24hrs?

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Zonkd

Very Senior Member
If the Network Services Filter blacklist is enabled from 00:00 to 23:59 (the default) will it also work in that last minute to midnight, from 23:59 to 0:00? Or can I expect a problem with it failing? How do we get it to block devices from WAN 24/7 without failing?

Thanks if anyone can clarify,

Cheers!

Using Merlin version 384.5
 
00:00 to 23:59 covers the 24 hours: every day starts and ends with midnight, ergo the two notations 00:00 and 24:00 are available to distinguish the two midnight that can be associated with one date, which means you can refer to exactly the same point in time with 15-01-2018 24:00 = 16-01-2018 00:00

Digital clocks usually display 00:00 ad not 24:00.

Hope it makes sense.
 
00:00 to 23:59 covers the 24 hours:
Not true. 23:59 is not the same as 00:00.

@Zonkd It might be implemented differently depending on the firmware version. If you SSH into your router and issue the following command you can verify the rules it's created:

iptables-save

You might see some lines containing something like this:

--timestart 00:00:00 --timestop 20:59:00

Here we can see that an end time of 20:59 is actually 20:59:00.

However if you set the end time to 23:59 the router recognises this as a special case and the timestart/timestop parameters are not used at all and is therefore blocked continuously.
 
You said "00:00 to 23:59 covers the 24 hours". It doesn't.

It does, since after 23:59 comes 00:00, which is the start of the block.

Look at it this other way: how many minutes is there in the 00:00 to 00:09 range?

The answer is 10 minutes.
 
It does, since after 23:59 comes 00:00, which is the start of the block.
He appeared to be discussing the English-language (not router) use of "23:59". I was responding to that. "23:59" means "one minute to midnight", therefore it doesn't "cover 24 hours".

Look at it this other way: how many minutes is there in the 00:00 to 00:09 range?

The answer is 10 minutes.
Getting back to the router, this appears to be a difference in implementation between your firmware and John's. Your firmware (firewall.c) explicitly adds ":59" seconds to the stop time. John's firmware doesn't, so iptables adds a suffix of ":00" seconds.

So the answer to the question above in John's firmware is "9 minutes, not 10". These are the parameters John's firmware generates:

--timestart 00:00:00 --timestop 00:09:00

However as I mentioned in post #3, there is an exception (in both firmwares). If the stop time is "23:59" the --timestop parameter is omitted completely. iptables then generates its own stop time of "23:59:59".
 
Last edited:
He appeared to be discussing the English-language (not router) use of "23:59". I was responding to that. "23:59" means "one minute to midnight", therefore it doesn't "cover 24 hours".

Yes, and thank you to all of you who replied! Helps! :)
 
Getting back to the router, this appears to be a difference in implementation between your firmware and John's. Your firmware (firewall.c) explicitly adds ":59" seconds to the stop time. John's firmware doesn't, so iptables adds a suffix of ":00" seconds.
Opinion? Something worthwhile to backport?
 
Opinion? Something worthwhile to backport?
Personally,
a) I don't use the timeslots so my opinion is probably irrelevant.:D
b) If I was looking at this for this first time I would expect "17:59" to mean "17:59:00" irrespective of whether it was a start of stop time.
c) It would (and did) confuse me how I could enter midnight though. As it happens that is a special case, so perhaps just a message on the web page explaining it would be enough.

But realistically, does anyone care about 60 seconds one way or the other?:) As a programmer I'd want to stay with the current, more straight forward code.
 

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top