@jimp said in Scheduled port forwarding, possible with pfSense?:

Add a port forward as usual, and then apply a schedule to the firewall rule that allows traffic through the port forward. Then it will be off when you want it off, on when you want it on.

It doesn't matter that the port forward itself is always active if no traffic is passed through it.

cheers for the reply!, i have bookmarked this thread and will give it a whirl once i get my box, really glad pfsense allows you to do this as i think restricting port forwarding adds (albeit a small amount) additional security.

Thanks again!.

Thank you all for the clarifications.

This thread is 2 years old, and the OP never came back... If you have questions on how to best leverage pfsense in your environment I suggest you start your own thread detailing your network and any questions you have on how to best do some specific sort of thing your wanting to accomplish.

To your question of squid, squid is a proxy package that can be used to filter access based upon a url that someone might access.. Like blocking access to www.facebook.com or only allowing access to say www.kidsafedomain.tld

But to be honest, some of these sorts of features are more advanced than many users (without networking experience) understand and would come with a steep learning curve if not already up to speed. Asking what squid is - points to not having the basic skilsets that would make deployment of such features an easy solution.. You might be better suited with a more home "user" sort of device - there are many "home" friendly devices with interfaces designed for point and click control of what kids can access..

Maybe something of such a list of devices will be of help
https://www.fatherly.com/gear/best-parental-control-devices-routers/

Thanks! I wouldn't mind your feedback on findings of the watchdog/bypass configuration. One simply doesn't know, when he meets the 1% he needs it for :)

pfSense, or actually whatever OS you put on your device, can't stop the BIOS from booting.
The BIOS will even work with no disks or drives in your system.
The BIOS not running means hardware issues or .... true : no power.

You can block Windows Update with squid

SPAM you think. Ok, I'll delete the post, no problem.

@chrismurph

Sep 2 13:03:03 kernel code segment = base 0x0, limit 0xfffff, type 0x1b
Sep 2 13:03:03 kernel frame pointer = 0x28:0xfffffe024b676f70
Sep 2 13:03:03 kernel stack pointer = 0x28:0xfffffe024b676ef0
Sep 2 13:03:03 kernel instruction pointer = 0x20:0xffffffff80ea3ea5
Sep 2 13:03:03 kernel fault code = supervisor read data, page not present
Sep 2 13:03:03 kernel fault virtual address = 0x0
Sep 2 13:03:03 kernel cpuid = 2; apic id = 02
Sep 2 13:03:03 kernel Fatal trap 12: page fault while in kernel mode

Looks like faulty RAM for me ... IMHO
Maybe you can run a memtest at boot?

@beremonavabi Well it seems I have overlooked something. Indeed the Font Smoothing was not marked.

Thank you for those who took effort to read my post.

Thank you

And not sure how dev testing software in real would require domain admin

Our software is used exclusively in AD networks, so testing involves having servers that are part of the domain. When you're testing with virtual machines that are part of a domain and you roll back to a previous snapshot, the domain trust is broken and you have to remove and then re-add the server to the domain. Plus, our solution relies on Microsoft DFS Namespace support, and I don't want them playing around with that on our real domain. That's why they need domain admin for some things. I know that I could probably design something else but this is the way it's always been done since before my time, and I'm planning on redoing EVERYTHING this Fall when Server 2019 comes out, so I'd rather not make any changes to what we have that works now.

Mainly the split-DNS issue.

OK then, I'm not concerned. I literally have two NATs to worry about, so split DNS for those will take 2 seconds to create and will likely never update.

I think I will stick with the single forest-single domain model. Thanks again, guys.

Windows did a similar thing for me. Constant reboot+update loop. Turned out one of the Windows Features installed was incompatible with the update and I had to uninstall the feature first. I found this out by looking into the upgrade log and seeing why it failed. Luckily mine was on an NVME Samsung Pro SSD.

You prob not going to get much traction on such a question.. As stated you prob better off asking on dedicated android or openvpn forum for such a question.

Another spammer just hit this thread ;)

We should just prob ban the IN and PK... seems all that comes out of there is junk.

And we should prob just remove ALL of the accounts with zero posts to be honest. There is zero reason to have an account i your not going to post. There is no content here that requires you log in to see.. I have been watching the users as they get created... Lot of them are sneaky and just wan their whatever info listed.. And they don't even post anything. While signature and stuff helps... Just the username is used to try and up their google hits, etc.

And how would we know - you haven't given us details of your needs or budget.. Without that info then get the Pro version.

I Need Cloud VPN Guidance.