(Time) schedules: do they work for you?
-
Because they don't work for me :P
G'evening, lovers of the finest firewall in the world ;D
I was extremely charmed by the time schedule feature in the firewall. I think this is a great security feature. Disable all my wireless access points at night when WIFE and I are sleeping. Now you go and try to hack me, you hacker.
However, for me it isn't working :-\
I can easily create a schedule. It kicks in at the right time, but it doesn't release at the right time. To be honest, I think not at all.
Here is what I did:
- VLAN40 for smart phone (WIFE) and smart phone (me) as well as tablet (WIFE).
- Connected to Ubiquiti WAP -> Switch -> pfSense.
- Set time zone from 22.00 (10 pm) to 08.00 (8 am). (This has to go in the form of two slots it appears, as the max time is 23.59. So it has to be 22.00-23.59, and 00.00-08.00).
- Add firewall block rule with this time schedule in VLAN40.
It bravely kicks in around 22.00, but it keeps on blocking way beyond 08.00 the next morning. At 11.30, everything was still blocked. On searching this forum I also set the schedule to 07.59 instead of 08.00, but this also didn't make a difference. Even resetting the states manually (diagnostics/states/reset) didn't. So I had to disable the rule, which is a pity since I really love this functionality (as I love everything about pfSense ;D).
Also, I didn't understand the GUI completely. You can enter data per month. Does that mean you have to recreate your schedules 12 times a year?
I have searched this forum intensively, I saw quite some posts about the schedule feature, but many of them without replies. Would this mean the functionality is not very much supported? That would be a shame, as it is extremely great functionality :P
Thank you in advance for any replies ;D,
Bye,
-
To get a "forever" schedule you click on the day names at the top of the calendar. e.g. if you click on Mon, Tue, Wed, Thu and Fri then some time range you get a schedule that applies every Mon to Fri forever.
I have used scheduled rules to block things during office hours, and it works. I haven't done ones that apply over midnight. I will try something like that overnight and confirm the result.
-
Thank you for your reply, Phil ;D
The bold: very smart of you :P ( ;D)
I just tried that myself; I set a block rule from 07.30 to 07.45 just in front of the default LAN-allow all. That works. At 7.40 I can't browse, at 7.50 I can (and the log shows the blocks and allows).
So indeed, something strange is going on when doing an overnight schedule ???
Is it the same over at your place?
Thank you ;D
-
I missed confirming everything last night. My block goes from 23:00-23:59 and 00:00 to 08:00. I went to sleep before 23:00 and then this morning my home internet was crap, coming and going, so I couldn't really see/test any difference between the block and real life :-
Access certainly came back some time after 08:00 when the rule did not apply and my internet came good. This is Nepal, what to do - as we say here :)
I will check again overnight and hopefully have more luck validating the blocking.
-
Finally a morning with good internet - we have some major highway reconstruction going on in my town and due to the widening lots of cable runs are being moved. The internet now seems better than it ever was, maybe someone plugged the cable back in better after moving it!
My test site was correctly blocked right up to 08:00 this morning. And by 08:01 it was unblocked. So it works for me, even with a schedule as crazy as the one attached.
-
Thanks very much Phil ;D
It is solved for me too; I need to remember to, when nothing appears to work, reboot my pfSense more often. Because that did the trick for me obviously. Yesterday evening I set the rules, it blocked on time, and this morning it unblocked at the right time too.
Now I am off to study your remarks about the failover; thank you for your help very much ;D
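-
Added example (not part of the thread and not pfSense code): a small Python model of the overnight schedule discussed above, which splits a window that crosses midnight into the two same-day slots and compares expected block state with observations. The function names are hypothetical, the timestamps are constructed, and treating the end minute as inclusive is an assumption based on the 08:00/08:01 result reported in the thread.

```python
from datetime import datetime, time

DAYS = ["Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun"]

def split_overnight(days, start, end):
    """Expand a start-end window into (day, start, end) slots that never
    cross midnight, since a single slot cannot run past 23:59."""
    slots = []
    for day in days:
        if start <= end:
            slots.append((day, start, end))
        else:
            # The after-midnight half belongs to the FOLLOWING weekday.
            next_day = DAYS[(DAYS.index(day) + 1) % 7]
            slots.append((day, start, time(23, 59)))
            slots.append((next_day, time(0, 0), end))
    return slots

def is_active(slots, when):
    """True if the schedule covers `when`. Assumption: a slot is inclusive
    of its whole end minute (08:00:59 is inside, 08:01:00 is outside)."""
    day = DAYS[when.weekday()]
    minute = when.time().replace(second=0, microsecond=0)
    return any(d == day and s <= minute <= e for d, s, e in slots)

def audit(slots, observations):
    """Return the (timestamp, was_blocked) pairs that disagree with the
    schedule, e.g. a block still seen hours after the window ended."""
    return [(ts, seen) for ts, seen in observations
            if is_active(slots, ts) != seen]

if __name__ == "__main__":
    nightly = split_overnight(DAYS, time(22, 0), time(8, 0))
    # Constructed observations: 2024-01-01 is a Monday.
    observed = [
        (datetime(2024, 1, 1, 22, 5), True),    # blocked, expected
        (datetime(2024, 1, 2, 7, 30), True),    # blocked, expected
        (datetime(2024, 1, 2, 11, 30), True),   # still blocked: mismatch
    ]
    for ts, seen in audit(nightly, observed):
        print(f"{ts:%a %H:%M} observed blocked={seen}, schedule says otherwise")
```

With weekday-only schedules the second slot shifts by a day: a Mon-Fri night block needs its 00:00-08:00 half on Tue-Sat, otherwise Saturday morning is left open and Monday morning is blocked.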