Parental controls, blocking access during specific time of the day
-
I couldn't find the stinking schedule selection!
It's at the bottom of the rule page:
-
If I did that they'd just shut off wifi and use cellular data.
My kids phone is republic Wireless. No data, only text and voice ($10/month, can't beat it) :) Wifi goes down, so does all the fun stuff on his phone!
-
You can either shut off or limit data on most of the major cellular carriers. One of our kids smart phones is on Sprint with no data. As I remember, you could restrict it on Verizon but had to pay for a parental control feature.
-
Follow up!
This has worked great, but I have notice that if he is playing an online game at the time internet shuts off, he can continue playing with no issues. If he turns off the game, he cannot reconnect or start a new one (same with Skype, a conversation won't be interrupted, but if he hangs up and tries to start a new call, it fails).
How do I shut off all internet completely at the designated time? This only appears to stop new connections, it doesn't kill existing ones.
Thanks!
-
I'm looking for a way to deny access to the internet from midnight - 6PM, turn it on until 9PM, then back off til Midnight Sun-Thur.
Schedule pass rules, not block rules.
Instead of blocking access, schedule pass rules from 1800 - 2100. Otherwise block.
-
I'm looking for a way to deny access to the internet from midnight - 6PM, turn it on until 9PM, then back off til Midnight Sun-Thur.
Schedule pass rules, not block rules.
Instead of blocking access, schedule pass rules from 1800 - 2100. Otherwise block.
Can you be a little more specific? That doesn't make sense.
-
States created by scheduled pass rules are automatically deleted when the rule expires. States created due to the absence of a scheduled block rule are not deleted when the block rule schedule fires.
So if you want to block access to port 80 except during the hours of 1800-2100 do this:
Pass tcp source KID network dest any port 80 schedule 1800-2100
Reject tcp source KID network dest any port 80 no schedule.When 2100 comes around all the states created by that scheduled rule will be deleted, stopping current connections.
New connections will no longer match the scheduled rule will fall through to the reject rule and will be rejected.
-
States created by scheduled pass rules are automatically deleted when the rule expires. States created due to the absence of a scheduled block rule are not deleted when the block rule schedule fires.
So if you want to block access to port 80 except during the hours of 1800-2100 do this:
Pass tcp source KID network dest any port 80 schedule 1800-2100
Reject tcp source KID network dest any port 80 no schedule.When 2100 comes around all the states created by that scheduled rule will be deleted, stopping current connections.
New connections will no longer match the scheduled rule will fall through to the reject rule and will be rejected.
Understood!
In this case, I want to kill all traffic on 2 mac addresses/IP's. Same process?
-
The rules match what the rules match. Instead of my made up KID Network use whatever IP addresses, networks, or aliases you want.
-
This has worked great, but I have notice that if he is playing an online game at the time internet shuts off, he can continue playing with no issues. If he turns off the game, he cannot reconnect or start a new one (same with Skype, a conversation won't be interrupted, but if he hangs up and tries to start a new call, it fails).
What version of pfsense do you have installed?
The killing off of existing states works in 2.2.3 and above. Its a change of behaviour in PF the packet filter shipped in FreeBSD 10.1.
In 2.2.3 the lanside or optx states will be killed, but the wanside states wont be killed so if you have a vpn, the problem there is the VPN's between two sites will stay active and cause problems but for what you want, 2.2.3 or later will be good. -
States created by scheduled pass rules are automatically deleted when the rule expires. States created due to the absence of a scheduled block rule are not deleted when the block rule schedule fires.
So if you want to block access to port 80 except during the hours of 1800-2100 do this:
Pass tcp source KID network dest any port 80 schedule 1800-2100
Reject tcp source KID network dest any port 80 no schedule.When 2100 comes around all the states created by that scheduled rule will be deleted, stopping current connections.
New connections will no longer match the scheduled rule will fall through to the reject rule and will be rejected.
Had the same issue with my daughter playing CoD/CS ! Thanks for the detailed explanation !
