4. Schedule Alias Block not working

Schedule Alias Block not working

  • O

    Hi All,

    I've recently switched from ClearOS to pfSense due to ClearOS being rubbish (I didn't have a need to change until I tried to enforce specific firewall rules and the 12-month-old Clearos 6 just didn't seem to work)

    my goal is to stop the kids devices (allocated to a particular range of IP via mac) from using the internet from say 8pm to 8am

    it just doesn't seem to work. the kids are still playing on their devices after 8pm.

    Can you take a look at the screen shots and advise?

    I have pfBlocker Configured and have disabled the rules I think may be instantly allowing traffic prior to the LAN rules being processed.

    When I originally created the ruleset I used the allow by default and block via the "kids_block" schedule. this seemed to work but didn't drop the connection when the firewall started blocking. My sons Mac couldn't access the net, but if he was on the PC and playing an online game during the transition from allowed to blocked it kept the state open.

    I then tried creating a 24/7 block for that alias with an allowed rule above that block. this doesn't seem to work at all.

    Thanks in advance.








    0
  • V

    The kids should be the source in the LAN rules instead destination, I think.
    And the allow rule has to be underneath the block rules (24/7) to take effect.

    If you have trouble with not closing existing connections by schedules also check System > Miscellaneous > Schedules.

    0
  • 2
    Banned

    @viragomann:

    The kids should be the source in the LAN rules instead destination, I think.

    Agree :-D

    @viragomann:

    And the allow rule has to be underneath the block rules (24/7) to take effect.

    Not agree :-D

    @viragomann:

    If you have trouble with not closing existing connections by schedules also check System > Miscellaneous > Schedules.

    System -> Advance -> Miscellaneous  and ther Schedules. But the default (not checked) should work…

    0
  • V

    @2chemlud:

    @viragomann:

    And the allow rule has to be underneath the block rules (24/7) to take effect.

    Not agree :-D

    Agree  ::)  As this route should prohibit kids web access when the schedule isn't active.

    And a further point:
    Why do you allow your kids access to the pfSense WeGUI?

    0
  • O

    Thanks for the responses. ill try these changes and let you know.

    correct me if I'm wrong but doesn't the flow of the rule matching work from top to bottom? when a matching rule is found that "state" is passed or blocked with all other rules existing below the matching skipped/ignored?

    0
  • 2
    Banned

    You are right… ;-)

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy