Temporary block indyvidual vouchers



  • Hi All,

    I was wondering if there is any easy way to temporary block selected vouchers. I.e. if I have "bad" guy in the network with voucher valid for one week, but he get over daily usage I would like to block him for another day or few hours. So far I am blocking per device using MAC or IP in firewall rules, but if someone have 2 or more laptops or phones its become to be cat and mouse game.

    Would be handy to have an extra tab next to MAC tab in CP zones website and create something like groups per time/period. I.e. 1 day ban list, 1 week ban list or 2hrs ban list.

    Did someone have managed to do something like this?

    Regards
    fr0t



  • Hi,

    No one can make that firewall rule that blocks 'some one'. You'll have to use IP or MAC addresses.

    A click-interface  that let you block "an IP or MAC for x time" doesn't exist. Most of use are provide Internet to adult people, so we can apply the simple solution : preempt the voucher and case closed.



  • I think You didn't catch what is my idea…

    I want to do that when I kick (read: disconnect) user then login page will appear on his laptop again, then when he put voucher in, system will check if its allowed to use or not and then pass or block - simmilar like Allowed/blocked MAC list but with vouchers + to be able to configure period (time/date "up to"), so I wouldnt have to rememmber to unblock it later on.



  • I guess I did understand what you want ;)

    Expiring vouchers will not allow users to use it again. They will be thrown of, because the vouchers timed out.
    Status > Captive Portal > zone > Expire Vouchers
    They "the one that were thrown out" have to come to you to get a new voucher.

    The way you want it, "I'll block you temporary - and you'll regain access later on" is more school-, family- or parental-firewall function, and I guess pfSense isn't really intended to these kind of fine tuned demands.

    Anyway, want you want IS possible, of course. It can be arranged here : https://forum.pfsense.org/index.php?board=34.0 ;)



  • Instead of pay for it I can do it myself,

    My intention was to do something like this as standard in further versions of pfSense, to give developers idea to improve Captive Portal.

    Problem will be if I upgrade pfSense into next version probably I will lose my functionality and again and again with the next versions.