wingolo
just joined
Topic Author
Posts: 13
Joined: Thu Nov 28, 2013 4:36 pm

Firewall filter due date

Sun Mar 01, 2020 3:26 am

Hi,
I tried to search for this in the forum and google, but haven't found anything satisfying...

Is there a way to set some kind of expiry date for filter, nat and mangle rules? Would be very useful to have a rule disabled after that date.
I'm thinking about something like the timeout in address list, which will disable the rule instead of remove it.

Maybe this could be achieved using scripts, but so far I have found that way very confusing, and it didn't help keep the configuration clean.

Any thoughts or suggestions?
 
macsrwe
Forum Guru
Posts: 1011
Joined: Mon Apr 02, 2007 5:43 am
Location: Arizona, USA

Re: Firewall filter due date

Sun Mar 01, 2020 3:35 am

If you were clever, and your specific requirement suited such a strategy, you could configure your rules to use address lists instead of addresses, and then populate those address lists with expiring entries. Otherwise, I can't think of anything short of scripting.
 
wingolo
just joined
Topic Author
Posts: 13
Joined: Thu Nov 28, 2013 4:36 pm

Re: Firewall filter due date

Sun Mar 01, 2020 4:31 am

Well... I've already tried this solution, but it didn't help much.

For example, in the case of a dst-nat rule which redirects all traffic arriving on an interface to a web server:
/ip firewall nat
add chain=dstnat action=dst-nat to-addresses=192.168.220.30 protocol=tcp in-interface-list=Develop dst-port=80 log=no log-prefix=""
In this case I can't use address lists.
 
macsrwe
Forum Guru
Posts: 1011
Joined: Mon Apr 02, 2007 5:43 am
Location: Arizona, USA

Re: Firewall filter due date

Sun Mar 01, 2020 4:50 am

And yet that rule DOES take a dst-address-list argument that has to be matched in order to invoke it... so put the router's own WAN address in an address list with an expiration time (in addition to a non-expiring bogus address, just to be safe) and the dst-nat will stop working when that entry expires.
 
wingolo
just joined
Topic Author
Posts: 13
Joined: Thu Nov 28, 2013 4:36 pm

Re: Firewall filter due date

Sun Mar 01, 2020 2:23 pm

Good tip!
So, as long as I can use an address list, the "expiration date" can be achieved.
/ip firewall address-list
add address=192.168.220.1 list=TEST_WEB timeout="90d 00:00:00"

/ip firewall nat
add chain=dstnat action=dst-nat to-addresses=192.168.220.30 protocol=tcp dst-address-list=TEST_WEB in-interface-list=Develop dst-port=80 log=no log-prefix=""
Thanks @macsrwe

Anyway, I take this opportunity to request, or at least suggest, considering this "expiry time" in rules for filter, nat and mangle, so it could maybe have a graphic warning (red text?) for those expired rules.

Does anyone think this could be useful?

Thanks!
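The two approaches discussed above, written out as a complete RouterOS configuration. This is an added example and not part of the thread or of MikroTik's documentation; the addresses, list and rule names, the comment strings and the date are assumptions for illustration. Variant 1 is the address-list trick macsrwe proposed, using the router's own address on the Develop interfaces as wingolo did. Variant 2 is the scripting alternative both posters mention, done without a script body: a scheduler entry with interval=0 fires once at its start date/time and sets disabled=yes on every rule tagged with the agreed comment, which gives the absolute expiry date and the disabled-not-removed behaviour the original question asked for.

```routeros
# Added example, not code from the thread. 192.168.220.1, 192.168.220.30,
# 192.0.2.1, the list/rule names, the comment strings and the date
# may/30/2020 are assumptions.

# Variant 1: expiry via address-list timeout (the trick from the thread).
# The dst-nat rule only matches while TEST_WEB still holds the router's own
# address on the Develop interfaces; once the timeout removes that entry the
# rule stays enabled but never matches again.
/ip firewall address-list
add address=192.168.220.1 list=TEST_WEB timeout=90d \
    comment="router address on Develop, temporary publish, lapses in 90 days"
# non-expiring placeholder so the list itself never becomes empty
# (macsrwe's "bogus address"); 192.0.2.1 is TEST-NET-1, never routed here
add address=192.0.2.1 list=TEST_WEB comment="placeholder, keeps TEST_WEB populated"

/ip firewall nat
add chain=dstnat action=dst-nat to-addresses=192.168.220.30 protocol=tcp \
    dst-address-list=TEST_WEB in-interface-list=Develop dst-port=80 \
    comment="TEST_WEB publish, lapses together with the address-list entry"

# Variant 2: absolute expiry date that disables the rule instead of silencing
# it. One scheduler entry with interval=0 runs exactly once, at start-date /
# start-time, and flips disabled=yes on every rule carrying the same comment.
# Tag each temporary rule with the date it must stop working:
/ip firewall nat
add chain=dstnat action=dst-nat to-addresses=192.168.220.30 protocol=tcp \
    in-interface-list=Develop dst-port=80 comment="expires=may/30/2020"

/system scheduler
add name=expire-rules-2020-05-30 start-date=may/30/2020 start-time=00:00:00 \
    interval=0 policy=read,write \
    on-event="/ip firewall nat set [find comment=\"expires=may/30/2020\"] disabled=yes"
```

Two caveats worth checking on your own router before relying on either variant. With variant 1, an address-list entry created with timeout= is dynamic (flag D in /ip firewall address-list print) and, on RouterOS 6, is not written to the saved configuration, so a reboot drops it early and the published service goes dark before the intended date; variant 2 has no such dependency because the rule and the scheduler entry are both static configuration. With variant 2, the same comment can be put on filter and mangle rules and handled by one more set line each in on-event, and after the date has passed /ip firewall nat print where disabled lists exactly the lapsed rules, which is the kind of visible marker the feature request above asks for.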
 
macsrwe
Forum Guru
Posts: 1011
Joined: Mon Apr 02, 2007 5:43 am
Location: Arizona, USA

Re: Firewall filter due date

Sun Mar 01, 2020 8:04 pm

Maybe it would be worthwhile if you could describe a situation that would require a NAT rule to deactivate itself after a specific period, because my imagination is failing me.
