|
|
|
Re: Iptables "-m time" option doesn't update when the clock changes | |
| [Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] | |
Hi Jan On 29/03/12 11:00, Jan Engelhardt wrote:
</snip>
Thanks for taking the time to give a detailed reply. Just to make sure I understand correctly - would this mean that there is no reliable way to run time based iptables rules and have them keep up with DST changes correctly and automatically - without restarting the machine when the DST kicks in or out?The caveat with the kernel timezone is that Linux distributions may ignore to set the kernel timezone, and instead only set the system time. Even if a particular distribution does set the timezone at boot, it is usually does not keep the kernel timezone offset - which is what changes on DST - up to date. ntpd will not touch the kernel timezone, so running it will not resolve the issue. As such, one may encounter a timezone that is always +0000, or one that is wrong half of the time of the year. As such, using --kerneltz is highly discouraged.
Sebastian -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
|
|