Block IPs based on TIME/CRON (Something wrong?)
To the point: I want to be able to block an IP from, let's say, 11pm - 07:30am. All the way at the bottom
I have 2 *.sh files.
If you want to know why here is why:
I have this client that has no clue, his PC probably
compromised and such. He has his PC check his email
every 3 minutes on an account he had with another
hosting company but no longer. He has his domain with
me and gave him an account based on his first 8 digits/letters
of his domain with a much harder password. Not sure how his PC
is trying to check email but he only has 2 POP accounts in his
outlook. His cable-modem account and my POP3/domain account.
I've got 2 files.
-- etcblock.sh
#!/bin/bash
# Block ETC from 11:00pm-07:30am via cron.
/sbin/iptables -A INPUT -d x.x.x.3 -j DROP
-- etcallow.sh
#!/bin/bash
# Allow ETC from 11:00pm-07:30am via cron.
/sbin/iptables -A INPUT -d x.x.x.3 -j ACCEPT
These are the crontab settings:
X X * * * /etc/rc.d/init.d/iptables Xyz
0 23 * * * /etc/cron.daily/etcblock.sh
30 7 * * * /etc/cron.daily/etcallow.sh
at a certain time every day just in case I
lock myself out. It sounds funny/stupid
but it happens, better be safe than sorry.
Then at 23:00 I want to execute the etcblock.sh
and add the IP to the block list. Then at 07:30
do the Accept command and give him access to the
server again. That will cut a lot of time to look
through logs and filter out the 'real' threat
instead of this guy. I still see logs from that
IP address past midnight.
What I think ends up happening is at the table rule
set at the bottom it adds a:
-A INPUT -d x.x.x.3 -j ACCEPT
-A INPUT -d x.x.x.3 -j DROP
Which the accept has priority over DROP, therefore
the guy still has access to the server.
There's got to be a script or a way to add/remove
the rule set.
Any feedback or suggestions are welcome.
Thanks.
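
Added example, not part of the original post: iptables walks a chain top to bottom and the first matching ACCEPT or DROP decides, so appending (-A) a rule every night only piles up rules behind the ones already there. One way to add and remove a single rule from cron instead, assuming the address is the client's and is matched as packet source (-s), an iptables build that supports -C, and with 192.0.2.3 and the script path as hypothetical placeholders:

```shell
#!/bin/bash
# Added example: idempotent block/unblock for one address, driven by cron.
# Assumed crontab entries for root (script path is hypothetical):
#   0 23 * * * /usr/local/sbin/ipwindow.sh block
#   30 7 * * * /usr/local/sbin/ipwindow.sh unblock
IPT="${IPT:-/sbin/iptables}"
ADDR="${ADDR:-192.0.2.3}"   # placeholder standing in for x.x.x.3

# Succeeds if the DROP rule for ADDR is currently in the INPUT chain.
is_blocked() {
    "$IPT" -C INPUT -s "$ADDR" -j DROP 2>/dev/null
}

# Insert the DROP at position 1 so no earlier ACCEPT can match first.
# Running it twice leaves exactly one rule.
block_ip() {
    is_blocked || "$IPT" -I INPUT 1 -s "$ADDR" -j DROP
}

# Delete every copy of the DROP rule rather than appending an ACCEPT.
unblock_ip() {
    while is_blocked; do
        "$IPT" -D INPUT -s "$ADDR" -j DROP || return 1
    done
}

case "${1:-}" in
    block)   block_ip ;;
    unblock) unblock_ip ;;
    status)  is_blocked && echo blocked || echo open ;;
esac
```

If a scheduled job reloads the saved ruleset during the blocked window, the inserted DROP rule is gone until the next `block` run.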