Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Schedule Alias Block not working

    Firewalling
    3
    6
    1272
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • O
      ozhound last edited by

      Hi All,

      I've recently switched from ClearOS to pfSense due to ClearOS being rubbish (I didn't have a need to change until I tried to enforce specific firewall rules and the 12-month-old Clearos 6 just didn't seem to work)

      my goal is to stop the kids devices (allocated to a particular range of IP via mac) from using the internet from say 8pm to 8am

      it just doesn't seem to work. the kids are still playing on their devices after 8pm.

      Can you take a look at the screen shots and advise?

      I have pfBlocker Configured and have disabled the rules I think may be instantly allowing traffic prior to the LAN rules being processed.

      When I originally created the ruleset I used the allow by default and block via the "kids_block" schedule. this seemed to work but didn't drop the connection when the firewall started blocking. My sons Mac couldn't access the net, but if he was on the PC and playing an online game during the transition from allowed to blocked it kept the state open.

      I then tried creating a 24/7 block for that alias with an allowed rule above that block. this doesn't seem to work at all.

      Thanks in advance.








      1 Reply Last reply Reply Quote 0
      • V
        viragomann last edited by

        The kids should be the source in the LAN rules instead destination, I think.
        And the allow rule has to be underneath the block rules (24/7) to take effect.

        If you have trouble with not closing existing connections by schedules also check System > Miscellaneous > Schedules.

        1 Reply Last reply Reply Quote 0
        • 2
          2chemlud Banned last edited by

          @viragomann:

          The kids should be the source in the LAN rules instead destination, I think.

          Agree :-D

          @viragomann:

          And the allow rule has to be underneath the block rules (24/7) to take effect.

          Not agree :-D

          @viragomann:

          If you have trouble with not closing existing connections by schedules also check System > Miscellaneous > Schedules.

          System -> Advance -> Miscellaneous  and ther Schedules. But the default (not checked) should work…

          1 Reply Last reply Reply Quote 0
          • V
            viragomann last edited by

            @2chemlud:

            @viragomann:

            And the allow rule has to be underneath the block rules (24/7) to take effect.

            Not agree :-D

            Agree  ::)  As this route should prohibit kids web access when the schedule isn't active.

            And a further point:
            Why do you allow your kids access to the pfSense WeGUI?

            1 Reply Last reply Reply Quote 0
            • O
              ozhound last edited by

              Thanks for the responses. ill try these changes and let you know.

              correct me if I'm wrong but doesn't the flow of the rule matching work from top to bottom? when a matching rule is found that "state" is passed or blocked with all other rules existing below the matching skipped/ignored?

              1 Reply Last reply Reply Quote 0
              • 2
                2chemlud Banned last edited by

                You are right… ;-)

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post

                Products

                • Platform Overview
                • TNSR
                • pfSense
                • Appliances

                Services

                • Training
                • Professional Services

                Support

                • Subscription Plans
                • Contact Support
                • Product Lifecycle
                • Documentation

                News

                • Media Coverage
                • Press
                • Events

                Resources

                • Blog
                • FAQ
                • Find a Partner
                • Resource Library
                • Security Information

                Company

                • About Us
                • Careers
                • Partners
                • Contact Us
                • Legal
                Our Mission

                We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

                Subscribe to our Newsletter

                Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

                © 2021 Rubicon Communications, LLC | Privacy Policy