iptables – enforce a rule within a specific time window

linux

I was asked to block all public access to port 443 during a maintenance window, so the developers could deploy and troubleshoot their application without interference from unknown external (public) access.

Instead of involving the network team, we handle it at a lower level: iptables!

# iptables -A INPUT -p tcp -m multiport --dports 443 -m time --timestart 18:00:00 --timestop 20:00:00 -j DROP


Explanation

  1. Append the rule to the end of the INPUT chain, -A INPUT
  2. Match traffic using the TCP protocol, -p tcp
  3. Match a set of destination ports; here the only port is 443, -m multiport --dports 443
  4. Only between 18:00:00 UTC and 20:00:00 UTC, -m time --timestart 18:00:00 --timestop 20:00:00
  5. And drop the matching packets, -j DROP

Note: the timestart and timestop values above are interpreted by iptables as UTC, so you need to convert the actual time according to your machine's timezone.

Note: the iptables rule above will block all incoming traffic to port 443, even from localhost. So make sure a rule that allows traffic from localhost precedes it.
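As an added example (not part of the original post), the following POSIX shell script turns the two notes above into something repeatable: it takes the maintenance window in local time, converts it to the UTC that the time match expects, and emits the loopback ACCEPT rule inserted ahead of the DROP rule. It assumes GNU date (coreutils) and, for a window that crosses midnight once converted to UTC, the time match's --contiguous option. The script name maint-window.sh is hypothetical; nothing is applied unless it is run with the "apply" argument as root.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes GNU date (coreutils).
# Usage (dry run, just prints the rules):   sh maint-window.sh
# Usage (apply as root):                    sh maint-window.sh apply 18:00:00 20:00:00 [TZ]
set -eu

# Convert a local wall-clock time HH:MM:SS to the UTC HH:MM:SS that the
# iptables time match compares against. $2 optionally overrides the timezone
# with any TZ string (e.g. "UTC-8" is the POSIX way to say UTC+8); by default
# the machine's own timezone is used. A fixed, constructed date keeps the
# conversion deterministic; the generated rule itself is not date-restricted.
local_to_utc_time() {
    local t="$1" tz="${2:-}" epoch
    if [ -n "$tz" ]; then
        epoch=$(TZ="$tz" date -d "2024-01-15 $t" +%s)
    else
        epoch=$(date -d "2024-01-15 $t" +%s)
    fi
    date -u -d "@$epoch" +%H:%M:%S
}

# Seconds since midnight for "HH:MM:SS". Leading zeros are stripped so that
# "08" and "09" are not read as invalid octal numbers by shell arithmetic.
hms_to_secs() {
    set -- $(printf '%s' "$1" | tr ':' ' ')
    echo $(( ${1#0} * 3600 + ${2#0} * 60 + ${3#0} ))
}

# Print the two iptables commands, one per line. $1/$2 are the local start and
# stop times, $3 an optional TZ override passed through to local_to_utc_time.
build_rules() {
    local start="$1" stop="$2" tz="${3:-}" ustart ustop extra=""
    ustart=$(local_to_utc_time "$start" "$tz")
    ustop=$(local_to_utc_time "$stop" "$tz")
    # If the UTC window crosses midnight (stop earlier than start), ask the time
    # match to treat it as one contiguous period instead of two daily intervals.
    if [ "$(hms_to_secs "$ustop")" -lt "$(hms_to_secs "$ustart")" ]; then
        extra=" --contiguous"
    fi
    # Insert at position 1 rather than append, so loopback traffic is accepted
    # before the DROP rule is evaluated (the second note above).
    echo "iptables -I INPUT 1 -i lo -j ACCEPT"
    echo "iptables -A INPUT -p tcp -m multiport --dports 443 -m time --timestart ${ustart} --timestop ${ustop}${extra} -j DROP"
}

# Apply mode: run each generated command (requires root). Lines are split into
# arguments and executed directly, without passing through eval or a subshell.
if [ "${1:-}" = "apply" ]; then
    [ $# -ge 3 ] || { echo "usage: $0 apply HH:MM:SS HH:MM:SS [TZ]" >&2; exit 2; }
    build_rules "$2" "$3" "${4:-}" | while read -r line; do
        set -- $line
        printf '+ %s\n' "$*"
        "$@"
    done
fi
```

Two things worth keeping in mind when using it: the time match alone makes the rule recur every day, so for a one-off window either remove the rule afterwards with iptables -D or pin it to the date with the time match's --datestart/--datestop options; and the UTC conversion is only needed because the match defaults to UTC, the --kerneltz option makes it use the kernel's timezone instead. After applying, iptables -S INPUT (or iptables -L INPUT -n --line-numbers) confirms the loopback ACCEPT sits above the DROP.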