Netgate Discussion Forum

    Blocking Internet access to specific hosts

    • ?
      A Former User
      last edited by

      Schedule is discussed here. No sense going over again.
      https://forum.pfsense.org/index.php?topic=54071.0

      • K
        Kamen
        last edited by

        @webtyro:

        Schedule is discussed here. No sense going over again.
        https://forum.pfsense.org/index.php?topic=54071.0

        To recap that thread: 4 pages of mostly people complaining that whatever they tried did not work, mixed with some advice that is often later refuted as wrong, all starting with older versions of pfSense, where things worked one way, but later they worked in another way; all this made worse by serious lack of documentation. I'm sure one could find some documentation somewhere and get help somehow, but it seems to be quite a pain. The only thing I got from that thread (and others like it) is that I may need to have an unconditional "block" rule under the scheduled "pass" rule. I'll try that next.
        Kamen

        • DerelictD
          Derelict LAYER 8 Netgate
          last edited by

          In pfSense you pass on a schedule. You can also block on a schedule but when the scheduled time fires, existing states will not be killed.

          As soon as the pass rule on a schedule followed by a block rule is in place, there will be no states to kill, because they will not have been created, because there will be the block rule when the schedule is not active. Manually killing the states is only required on the initial creation of the schedule to get rid of any states that might already exist.

          Chattanooga, Tennessee, USA
          A comprehensive network diagram is worth 10,000 words and 15 conference calls.
          DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
          Do Not Chat For Help! NO_WAN_EGRESS(TM)
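
An added example, not part of Derelict's post and not pfSense code: a simplified Python model of a stateful, first-match ruleset that shows the two layouts described above. The host address, destinations and schedule hours are constructed, and the model covers only rule matching and state lookup, not what pfSense does to states when a schedule expires.

```python
from dataclasses import dataclass, field
from typing import Optional

HOST = "192.168.1.50"                      # constructed example host
WINDOW = frozenset(range(8, 17))           # constructed schedule, 08:00-16:59
OFF_HOURS = frozenset(range(24)) - WINDOW

@dataclass
class Rule:
    action: str                            # "pass" or "block"
    src: str
    schedule: Optional[frozenset] = None   # None means always active

    def active(self, hour):
        return self.schedule is None or hour in self.schedule

@dataclass
class Firewall:
    rules: list
    states: set = field(default_factory=set)

    def packet(self, src, dst, hour):
        if (src, dst) in self.states:      # an existing state bypasses the rules
            return True
        for r in self.rules:               # first active matching rule wins
            if r.src == src and r.active(hour):
                if r.action == "pass":
                    self.states.add((src, dst))
                return r.action == "pass"
        return False                       # no match: default deny

    def kill_states(self, src):
        self.states = {s for s in self.states if s[0] != src}

def scheduled_block_above_pass():
    fw = Firewall([Rule("block", HOST, OFF_HOURS), Rule("pass", HOST)])
    fw.packet(HOST, "198.51.100.7", hour=16)             # state created at 16:00
    existing = fw.packet(HOST, "198.51.100.7", hour=20)  # old state still passes
    new = fw.packet(HOST, "203.0.113.9", hour=20)        # new flow hits the block
    return existing, new

def scheduled_pass_above_block():
    fw = Firewall([Rule("pass", HOST, WINDOW), Rule("block", HOST)])
    fw.states.add((HOST, "198.51.100.7"))   # state that predates the new rules
    before_kill = fw.packet(HOST, "198.51.100.7", hour=20)
    fw.kill_states(HOST)                    # one-time manual cleanup
    after_kill = fw.packet(HOST, "198.51.100.7", hour=20)
    in_window = fw.packet(HOST, "203.0.113.9", hour=9)
    return before_kill, after_kill, in_window
```

In the first layout the flow opened at 16:00 keeps passing at 20:00 even though the block rule is active; in the second, only the state that predates the rules needs a manual kill, and off-hours traffic never creates a new one.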

          • ?
            A Former User
            last edited by

            @Kamen:

            @webtyro:

            Schedule is discussed here. No sense going over again.
            https://forum.pfsense.org/index.php?topic=54071.0

            The only thing I got from that thread (and others like it) is that I may need to have an unconditional "block" rule under the scheduled "pass" rule. I'll try that next.
            Kamen

            Yep! That is why I posted it. Not for the drama.

            • K
              Kamen
              last edited by

              @webtyro:

              @Kamen:

              @webtyro:

              Schedule is discussed here. No sense going over again.
              https://forum.pfsense.org/index.php?topic=54071.0

              The only thing I got from that thread (and others like it) is that I may need to have an unconditional "block" rule under the scheduled "pass" rule. I'll try that next.
              Kamen

              Yep! That is why I posted it. Not for the drama.

              I appreciate the "teaching" aspect of it, but if a single, two-line post was the gist of it, I would have appreciated it even more if you could have recapped it for me (like Derelict did), or at least pointed straight to it, rather than making me read through a hundred useless posts.
              Kamen

              • ?
                A Former User
                last edited by

                Yah. Kind of mean to send you down that rabbit hole. Do you think being new to pfSense and trash talking a program you know zilch about to guys who appreciate it for what it is will help?
                Your attitude above my linked post did bring out my impish tendency.  ::)
                If you prefer the direct route I could have mentioned there is a book and RTFM!

                • K
                  Kamen
                  last edited by

                  @webtyro:

                  Yah. Kind of mean to send you down that rabbit hole. Do you think being new to pfSense and trash talking a program you know zilch about to guys who appreciate it for what it is will help?
                  Your attitude above my linked post did bring out my impish tendency.  ::)
                  If you prefer the direct route I could have mentioned there is a book and RTFM!

                  I've never trash talked; it was constructive criticism, at best. I may be "new" to pfSense but not new to the world of IT and CS, in general. I've been as nice as possible. Same cannot be said about you. And there isn't a good M to be RTF-ed, to begin with - that's where I started; one of the many problems. As for my attitude, it is that I always help with what I can, wherever I can. And if I can't, I just don't say anything.
                  Kamen

                  • ?
                    A Former User
                    last edited by

                    Derelict has a link to the manual in his reply. It is well worth it and helps support the free firewall.
                    and https://doc.pfsense.org/index.php/Main_Page may have more info.
                    Not nice? Hmm. Maybe I am getting snarky. Make you a deal. I will work on being a better human being if you hold off on the criticism until you have more time with pfSense.
                    After all it is free and the Devs would appreciate our restraint. They do seem to be a hard-working group.

                    • K
                      Kamen
                      last edited by

                      @webtyro:

                      Derelict has a link to the manual in his reply. It is well worth it and helps support the free firewall.
                      and https://doc.pfsense.org/index.php/Main_Page may have more info.

                      Thank you! I noticed that, but it is $25, so I will consider buying it in case I determine that I will end up adopting the pfSense solution (I'm in the evaluation stage now). And I have been reading the wiki-manual, but it is quite incomplete. It's always my karma: whenever I need something, it is never among the routine cases… :-)

                      Kamen

                      P.S. I see you made an edit. :-)
                      @webtyro:

                      […]
                      Not nice? Hmm. Maybe I am getting snarky. Make you a deal. I will work on being a better human being if you hold off on the criticism until you have more time with pfSense.
                      After all it is free and the Devs would appreciate our restraint. They do seem to be a hard-working group.

                      All I can say is: I am a developer myself. I have created and offered software for free (one of the earliest OBD-II Windows software). I don't know if the pfSense Devs are being paid, but in my professional work, I look for criticism so that I can improve it (honestly!) I may be a bit biased because my software is for industrial use (automation) and we just have to have the best quality, but this is just how I am. If a Dev comes and asks me "hey, why do you think pfSense is lacking in performance", I'll come back with a solid presentation, with test results (which I already have), showing my experience - all in the hopes that they'll investigate and either make improvements or assert the limitation I observed.
                      K.

                      • ?
                        A Former User
                        last edited by

                        Some are paid, some are not. Any help from you to the project would be appreciated even from me. Beta testing even speeds things along. Real bug finds are always welcome.
                        Well, hope you settle in with pfSense. I have not found any better program than this for what it is capable of and cost.

                        • K
                          Kamen
                          last edited by

                          @webtyro:

                          Some are paid, some are not. Any help from you to the project would be appreciated even from me. Beta testing even speeds things along. Real bug finds are always welcome.
                          Well, hope you settle in with pfSense. I have not found any better program than this for what it is capable of and cost.

                          Then, I hope I hear from the developers. I already caused a bug report to be filed (even though I wasn't the one submitting it) with my very first post here. The only problem with that is that my time (and brain capacity) is very precious and the learning curve is a very important consideration in choosing my tools. I'm sure pfSense is very powerful; hell, pf is even more powerful, but you need to "make sense" of it, right? :-)
                          Kamen

                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.