simple toggle for children VLAN

awebster

@Gertjan Yeah, but it would be cool to have a simple UI extension for parents, or more specifically, the less technical parent, that is easy to use. Based on the questions in the Forums, there appear to be lots of pfSense deployments in the home, so responding to this need would be a win for sure.

In my case, I integrated my pfSense installation with an Asterisk PBX that does exactly this, by dialing a specific phone number, the caller is prompted to select which Kid's network they wish to enable or disable.
It does this by sshing to pfSense and toggling the proper rule. I used a specific pattern in the rule comments to allow the rule to be found in the rulebase. Works like a charm!

I think ultimately the basic concept could easily be extended to allow for some pretty cool rule automation.

sgw

@awebster said in simple toggle for children VLAN:

@Gertjan Yeah, but it would be cool to have a simple UI extension for parents, or more specifically, the less technical parent, that is easy to use. Based on the questions in the Forums, there appear to be lots of pfSense deployments in the home, so responding to this need would be a win for sure.

In my case, I integrated my pfSense installation with an Asterisk PBX that does exactly this, by dialing a specific phone number, the caller is prompted to select which Kid's network they wish to enable or disable.
It does this by sshing to pfSense and toggling the proper rule. I used a specific pattern in the rule comments to allow the rule to be found in the rulebase. Works like a charm!

I think ultimately the basic concept could easily be extended to allow for some pretty cool rule automation.

Sounds interesting! Do you want to share some of your work?

I also found this: https://forum.netgate.com/topic/130847/toggle-rules-or-rulesets-via-php-or-perl/1

... seems I asked a similar question back then already ;-)

Using "easyrule" might do the trick, if I wrap it up into some PHP-code that ssh-es into pfsense and runs the commands.

Gertjan

@sgw said in simple toggle for children VLAN:

into pfsense and runs the commands.

Added to that : php can anything.
So, an OpenVPN client on your pHone device, and two favourite browser URLs pre-setup in your pHone's browser will do the ENABLE and DISABLE.
( The OpenVPN app on the phone is much simpler as a opening up a (remote) SSH sessions )

The browsers ENABLE and DISABLE "URLs" would fiction right away when the pHone is connected to the Home Parrent Wifi connection.

NogBadTheBad

Is this for Wi-Fi, if it is I'd be be tempted to put them on their own vlan.

If you were using Ubiquity, you can enable / disable Wi-Fi clients on the fly or have time based schedules for the SSID.

sgw

@Gertjan sounds great, but how do I "define" or "get" these URLs?

sgw

@sgw said in simple toggle for children VLAN:

@Gertjan sounds great, but how do I "define" or "get" these URLs?

I think I understand now: something like:

https://pfsense/firewall_rules.php?if=opt4&act=toggle&id=63

would toggle that rule. Doesn't it have to be applied as well?
Additional I would need a low-right-pfsense-User with access to the Firewall Tab only, correct?

sgw

@NogBadTheBad said in simple toggle for children VLAN:

Is this for Wi-Fi, if it is I'd be be tempted to put them on their own vlan.

If you were using Ubiquity, you can enable / disable Wi-Fi clients on the fly or have time based schedules for the SSID.

No Wifi, no Ubiquiti ;-) .. so far PCs connected via ethernet cabling, inside a separate VLAN.

akuma1x

Ok, if it's all hard wired, how about sacrificing a small smart switch (because you said VLAN's) and power said switch with one of those "smart home" wifi power outlets?

The power outlet thingie can be turned on and off on a schedule, or even better, on demand with a smart phone app.

https://www.amazon.com/Gosund-Compatible-Required-appliances-Certified/dp/B079MFTYMV

If the switch doesn't have power, then the network traffic isn't going to pass. I'm NOT saying it's bullet-proof, or kid-proof either, but it could be a cheap & easy way to do this.

Remember, parenting of internet stuff CAN'T be done with tech, it has to be done with real-live parents. A conversation about time, or behavior, online would always be a better option.

Jeff

awebster

@akuma1x said in simple toggle for children VLAN:

Remember, parenting of internet stuff CAN'T be done with tech, it has to be done with real-live parents.

I agree, it requires real-live parents, but the tech can act as an enforcement point. Cut off Johnny's Netflix or PS4 access, and you'd be surprised how quickly the chores get done!

sgw

@akuma1x said in simple toggle for children VLAN:

Ok, if it's all hard wired, how about sacrificing a small smart switch (because you said VLAN's) and power said switch with one of those "smart home" wifi power outlets?

The power outlet thingie can be turned on and off on a schedule, or even better, on demand with a smart phone app.

https://www.amazon.com/Gosund-Compatible-Required-appliances-Certified/dp/B079MFTYMV

If the switch doesn't have power, then the network traffic isn't going to pass. I'm NOT saying it's bullet-proof, or kid-proof either, but it could be a cheap & easy way to do this.

We will consider that, thanks. Maybe we could even toggle the existing switch-port via FHEM somehow.