Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Schedule Alias Block not working

    Scheduled Pinned Locked Moved Firewalling
    6 Posts 3 Posters 1.7k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • O
      ozhound
      last edited by

      Hi All,

      I've recently switched from ClearOS to pfSense due to ClearOS being rubbish (I didn't have a need to change until I tried to enforce specific firewall rules and the 12-month-old Clearos 6 just didn't seem to work)

      my goal is to stop the kids devices (allocated to a particular range of IP via mac) from using the internet from say 8pm to 8am

      it just doesn't seem to work. the kids are still playing on their devices after 8pm.

      Can you take a look at the screen shots and advise?

      I have pfBlocker Configured and have disabled the rules I think may be instantly allowing traffic prior to the LAN rules being processed.

      When I originally created the ruleset I used the allow by default and block via the "kids_block" schedule. this seemed to work but didn't drop the connection when the firewall started blocking. My sons Mac couldn't access the net, but if he was on the PC and playing an online game during the transition from allowed to blocked it kept the state open.

      I then tried creating a 24/7 block for that alias with an allowed rule above that block. this doesn't seem to work at all.

      Thanks in advance.

      Schedule.jpg
      Schedule.jpg_thumb
      Rules_Float.jpg
      Rules_Float.jpg_thumb
      Rules_LAN.jpg
      Rules_LAN.jpg_thumb
      Alias.jpg
      Alias.jpg_thumb

      1 Reply Last reply Reply Quote 0
      • V
        viragomann
        last edited by

        The kids should be the source in the LAN rules instead destination, I think.
        And the allow rule has to be underneath the block rules (24/7) to take effect.

        If you have trouble with not closing existing connections by schedules also check System > Miscellaneous > Schedules.

        1 Reply Last reply Reply Quote 0
        • 2
          2chemlud Banned
          last edited by

          @viragomann:

          The kids should be the source in the LAN rules instead destination, I think.

          Agree :-D

          @viragomann:

          And the allow rule has to be underneath the block rules (24/7) to take effect.

          Not agree :-D

          @viragomann:

          If you have trouble with not closing existing connections by schedules also check System > Miscellaneous > Schedules.

          System -> Advance -> Miscellaneous  and ther Schedules. But the default (not checked) should work…

          1 Reply Last reply Reply Quote 0
          • V
            viragomann
            last edited by

            @2chemlud:

            @viragomann:

            And the allow rule has to be underneath the block rules (24/7) to take effect.

            Not agree :-D

            Agree  ::)  As this route should prohibit kids web access when the schedule isn't active.

            And a further point:
            Why do you allow your kids access to the pfSense WeGUI?

            1 Reply Last reply Reply Quote 0
            • O
              ozhound
              last edited by

              Thanks for the responses. ill try these changes and let you know.

              correct me if I'm wrong but doesn't the flow of the rule matching work from top to bottom? when a matching rule is found that "state" is passed or blocked with all other rules existing below the matching skipped/ignored?

              1 Reply Last reply Reply Quote 0
              • 2
                2chemlud Banned
                last edited by

                You are right… ;-)

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.