Skip to content

iptables time matches does not work, because kernel timezone is not set

Username: Anton Golubev

Origin: https://bugs.openwrt.org/index.php?do=details&task_id=1882

Openwrt kernel timezone is left to UTC despite UCI /etc/system timezone option

This affects iptables time matches thus requiring time argument specified in UTC.

The bug is still present in

LEDE 17.01.4, Reboot

and probably in the current trunk.

Proof:

root@bsb:~# logread | grep xt_time Wed Nov 26 18:16:39 2036 kern.info kernel: [ 16.468655] xt_time: kernel timezone is -0000

Sample firewall rule:

config rule option proto 'tcp udp icmp' option name 'Disable Internet at Night - Time Based Rule' option src 'lan' option dest 'wan' option target 'REJECT' option extra '-m time --kerneltz --timestart 22:35 --timestop 06:00' option enabled '1'

Workaround - run this at the startup (e.g. /etc/rc.local):

date -k

Description is based on (still valid) bug report:

External Linkhttps://dev.archive.openwrt.org/ticket/9657

Kind regards,

Anton