When configuring services on the firewall you will frequently come across `When Allowed' fields, which restrict the times and days of week when access is granted, by means of a colon-separated list of zero or more day-of-week/time-of-day specifications.
Each day-of-week/time-of-day specification consists of two subfields separated by a slash. The left subfield is a comma-separated list of one or more weekdays or ranges of weekdays, and the right subfield is a comma-separated list of time ranges. Within a day-of-week specification, `*' stands for `any day', the numbers 0 and 7 both stand for Sunday, the numbers 1 to 6 stand for Monday to Saturday, and two days separated by a `-' stand for a range. Within a time-of-day specification, `*' stands for any time, numbers 0 to 24 stand for hours, 0.00 to 24.00 stand for hours and minutes, and two times separated by a `-' stand for a range.
The default is `*/*'; that is, any time of day on any day of the week. If the first character is `-', this means never allow access.
Some examples should help to illustrate:
| - | Never |
| /* | Always |
| /10-14 | 10 a.m. to 2 p.m. on any day |
| /0-8,17.30-24 | Before 8 a.m. or after 5:30 p.m. on any day |
| 1-5/0-8,17-24:6,7/* | Before 8 a.m. or after 5 p.m. on any weekday, |
| or any time on the weekend |
The Time Classes Screen (see Figure 4.45) allows you to define time specifications and associate them with names. Once you have defined some time classes, you can use them wherever a normal time specification is used, by entering the name surrounded by square braces (e.g. `[afterhours]'). This allows you to change the times associated with a whole group of services by changing only one entry.
You can hit F4 in this screen to get a graphic visualisation of the times allowed by a particular time specification (see Figure 4.46); this can be useful for checking the correctness of complex time specifications. The graphical display uses a granularity of 30 minutes, and displays a `#' if access is allowed for the entire 30 minute interval, or a `+' if it is allowed for part of the interval.
![\includegraphics[width=14cm,height=10cm]{whenspec.ps}](img66.png)
![\includegraphics[width=14cm,height=10cm]{viewspec.ps}](img67.png)